From a5de45419f5b723a4f947705af1afe9f1ed3ada2 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:08:52 -0400 Subject: [PATCH 001/360] added sha1 and bcrypt submodules --- .gitmodules | 6 ++++++ CMakeLists.txt | 1 + third_party/bcrypt | 1 + third_party/sha1 | 1 + 4 files changed, 9 insertions(+) create mode 160000 third_party/bcrypt create mode 160000 third_party/sha1 diff --git a/.gitmodules b/.gitmodules index eb0e282a2..473f65c73 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,3 +5,9 @@ [submodule "web/api/app/Plugin/CakePHP-Enum-Behavior"] path = web/api/app/Plugin/CakePHP-Enum-Behavior url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git +[submodule "third_party/bcrypt"] + path = third_party/bcrypt + url = https://github.com/trusch/libbcrypt +[submodule "third_party/sha1"] + path = third_party/sha1 + url = https://github.com/vog/sha1 diff --git a/CMakeLists.txt b/CMakeLists.txt index 9646ffc3e..5d8506cc0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -870,6 +870,7 @@ include(Pod2Man) ADD_MANPAGE_TARGET() # Process subdirectories +add_subdirectory(third_party/bcrypt) add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(db) diff --git a/third_party/bcrypt b/third_party/bcrypt new file mode 160000 index 000000000..180cd3372 --- /dev/null +++ b/third_party/bcrypt @@ -0,0 +1 @@ +Subproject commit 180cd3372609b2539fe9c916f15c8ef8a2aef5f2 diff --git a/third_party/sha1 b/third_party/sha1 new file mode 160000 index 000000000..68a099035 --- /dev/null +++ b/third_party/sha1 @@ -0,0 +1 @@ +Subproject commit 68a0990352c04de43c494e8381264c27ed0b8e7e From c4b1bc19e01011722a91accc3a17725d1e9a3811 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:15:07 -0400 Subject: [PATCH 002/360] added bcrypt and sha to src build process --- src/CMakeLists.txt | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index e7e3157eb..0aad53020 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -6,6 +6,10 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) # Group together all the source files that are used by all the binaries (zmc, zma, zmu, zms etc) set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp) + +# includes and linkages to 3rd party libraries/src +set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) + # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES}) @@ -14,10 +18,13 @@ add_executable(zma zma.cpp) add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) +#include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) +link_directories(../third_party/bcrypt) + target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) +target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) +target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) # Generate man files for the binaries destined for the bin folder FOREACH(CBINARY zma zmc zmu) From 1ba1bf0c45891ac0f7b68716b77e1b5811b19f40 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:18:51 -0400 Subject: [PATCH 003/360] added test sha1 and bcrypt code to validate working --- src/zm_user.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 46ee2cdf1..a710188cc 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -26,6 +26,8 @@ #include #include #include +#include "BCrypt.hpp" +#include "sha1.hpp" #include "zm_utils.h" @@ -95,6 +97,16 @@ User *zmLoadUser( const char *username, const char *password ) { // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. mysql_real_escape_string(&dbconn, safer_username, username, username_length ); + BCrypt bcrypt; + std::string ptest = "test"; + std::string hash = bcrypt.generateHash(ptest); + Info ("ZM_USER TEST: BCRYPT WORKED AND PRODUCED %s", hash.c_str()); + + SHA1 sha1_checksum; + sha1_checksum.update (ptest); + hash = sha1_checksum.final(); + Info ("ZM_USER TEST: SHA1 WORKED AND PRODUCED %s", hash.c_str()); + if ( password ) { int password_length = strlen(password); char *safer_password = new char[(password_length * 2) + 1]; From 887912e7adfe16af3a47a0a50140eb972e0a5b40 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:22:24 -0400 Subject: [PATCH 004/360] bcrypt auth migration in PHP land --- web/includes/auth.php | 91 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 14 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 6b061f7fc..ef1871164 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -20,16 +20,39 @@ // require_once('session.php'); +// this function migrates mysql hashing to bcrypt, if you are using PHP >= 5.5 +// will be called after successful login, only if mysql hashing is detected +function migrateHash($user, $pass) { + if (function_exists('password_hash')) { + ZM\Info ("Migrating $user to bcrypt scheme"); + // let it generate its own salt, and ensure bcrypt as PASSWORD_DEFAULT may change later + // we can modify this later to support argon2 etc as switch to its own password signature detection + $bcrypt_hash = password_hash($pass, PASSWORD_BCRYPT); + //ZM\Info ("hased bcrypt $pass is $bcrypt_hash"); + $update_password_sql = 'UPDATE Users SET Password=\''.$bcrypt_hash.'\' WHERE Username=\''.$user.'\''; + ZM\Info ($update_password_sql); + dbQuery($update_password_sql); + } + else { + // Not really an error, so an info + // there is also a compat library https://github.com/ircmaxell/password_compat + // not sure if its worth it. Do a lot of people really use PHP < 5.5? + ZM\Info ('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.5'); + return; + } + +} + +// core function used to login a user to PHP. Is also used for cake sessions for the API function userLogin($username='', $password='', $passwordHashed=false) { global $user; - if ( !$username and isset($_REQUEST['username']) ) $username = $_REQUEST['username']; if ( !$password and isset($_REQUEST['password']) ) $password = $_REQUEST['password']; // if true, a popup will display after login - // PP - lets validate reCaptcha if it exists + // lets validate reCaptcha if it exists if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') @@ -64,28 +87,68 @@ function userLogin($username='', $password='', $passwordHashed=false) { } // end if success==false } // end if using reCaptcha - $sql = 'SELECT * FROM Users WHERE Enabled=1'; - $sql_values = NULL; - if ( ZM_AUTH_TYPE == 'builtin' ) { - if ( $passwordHashed ) { - $sql .= ' AND Username=? AND Password=?'; - } else { - $sql .= ' AND Username=? AND Password=password(?)'; + // coming here means we need to authenticate the user + // if captcha existed, it was passed + + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; + $sql_values = array($username); + + // First retrieve the stored password + // and move password hashing to application space + + $saved_user_details = dbFetchOne ($sql, NULL, $sql_values); + $password_correct = false; + $password_type = NULL; + + if ($saved_user_details) { + $saved_password = $saved_user_details['Password']; + if ($saved_password[0] == '*') { + // We assume we don't need to support mysql < 4.1 + // Starting MY SQL 4.1, mysql concats a '*' in front of its password hash + // https://blog.pythian.com/hashing-algorithm-in-mysql-password-2/ + ZM\Logger::Debug ('Saved password is using MYSQL password function'); + $input_password_hash ='*'.strtoupper(sha1(sha1($password, true))); + $password_correct = ($saved_password == $input_password_hash); + $password_type = 'mysql'; + + } + else { + // bcrypt can have multiple signatures + if (preg_match('/^\$2[ayb]\$.+$/', $saved_password)) { + + ZM\Logger::Debug ('bcrypt signature found, assumed bcrypt password'); + $password_type='bcrypt'; + $password_correct = password_verify($password, $saved_password); + } + else { + // we really should nag the user not to use plain + ZM\Warning ('assuming plain text password as signature is not known. Please do not use plain, it is very insecure'); + $password_type = 'plain'; + $password_correct = ($saved_password == $password); + } + } - $sql_values = array($username, $password); } else { - $sql .= ' AND Username=?'; - $sql_values = array($username); + ZM\Error ("Could not retrieve user $username details"); + $_SESSION['loginFailed'] = true; + unset($user); + return; } + $close_session = 0; if ( !is_session_started() ) { session_start(); $close_session = 1; } $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking - if ( $dbUser = dbFetchOne($sql, NULL, $sql_values) ) { + + if ($password_correct) { ZM\Info("Login successful for user \"$username\""); - $user = $dbUser; + $user = $saved_user_details; + if ($password_type == 'mysql') { + ZM\Info ('Migrating password, if possible for future logins'); + migrateHash($username, $password); + } unset($_SESSION['loginFailed']); if ( ZM_AUTH_TYPE == 'builtin' ) { $_SESSION['passwordHash'] = $user['Password']; From ddb7752226766eb8298f91bef928c59fc620f761 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:24:50 -0400 Subject: [PATCH 005/360] added include path --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0aad53020..a56cb36ba 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -18,7 +18,7 @@ add_executable(zma zma.cpp) add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) -#include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) +include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) link_directories(../third_party/bcrypt) target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) From dd63fe86cedfbad6d6763905a18db1a120d0efd6 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:28:39 -0400 Subject: [PATCH 006/360] add sha source --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a56cb36ba..ecd42b874 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -11,7 +11,7 @@ set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_conf set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) # A fix for cmake recompiling the source files for every target. -add_library(zm STATIC ${ZM_BIN_SRC_FILES}) +add_library(zm STATIC ${ZM_BIN_SRC_FILES} ${ZM_BIN_THIRDPARTY_SRC_FILES}) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) From 07be830f94dbd63ac3cfd368cec8b8b899be005b Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:35:18 -0400 Subject: [PATCH 007/360] added bcrypt to others --- src/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ecd42b874..3abfa5266 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -21,8 +21,8 @@ add_executable(zms zms.cpp) include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) link_directories(../third_party/bcrypt) -target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) +target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) +target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} brycpt) target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) From 8bbddadc12e6226b3ddfc0928873d01f46a6ee8d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:43:41 -0400 Subject: [PATCH 008/360] put link_dir ahead of add_executable --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3abfa5266..8b73ae3cc 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,6 +7,7 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp) +link_directories(../third_party/bcrypt) # includes and linkages to 3rd party libraries/src set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) @@ -19,7 +20,6 @@ add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) -link_directories(../third_party/bcrypt) target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} brycpt) From ca24b504d42a44e1effad5e0493ff5cbea30987a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 13:46:54 -0400 Subject: [PATCH 009/360] fixed typo --- src/CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8b73ae3cc..bba97d661 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,12 +7,12 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp) -link_directories(../third_party/bcrypt) # includes and linkages to 3rd party libraries/src set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES} ${ZM_BIN_THIRDPARTY_SRC_FILES}) +link_directories(../third_party/bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) @@ -21,8 +21,8 @@ add_executable(zms zms.cpp) include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) -target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) -target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} brycpt) +target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) +target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) From c663246f0a003e3f000a6615996fea5cb248c412 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 14:22:10 -0400 Subject: [PATCH 010/360] try add_library instead --- CMakeLists.txt | 2 +- src/CMakeLists.txt | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5d8506cc0..d2e01a7e8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -870,7 +870,7 @@ include(Pod2Man) ADD_MANPAGE_TARGET() # Process subdirectories -add_subdirectory(third_party/bcrypt) +#add_subdirectory(third_party/bcrypt) add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(db) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index bba97d661..c64fd9778 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -9,10 +9,13 @@ set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_conf # includes and linkages to 3rd party libraries/src set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) +add_library(bcrypt GLOBAL SHARED IMPORTED) +set_target_properties( bcrypt PROPERTIES IMPORTED_LOCATION ../third_party/bcrypt/libbcrypt.so ) + # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES} ${ZM_BIN_THIRDPARTY_SRC_FILES}) -link_directories(../third_party/bcrypt) +#link_directories(../third_party/bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) From 65a57feedbc3d5a7b31c6c332feaeb7c5f18152f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 14:30:00 -0400 Subject: [PATCH 011/360] absolute path --- CMakeLists.txt | 2 +- src/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d2e01a7e8..5d8506cc0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -870,7 +870,7 @@ include(Pod2Man) ADD_MANPAGE_TARGET() # Process subdirectories -#add_subdirectory(third_party/bcrypt) +add_subdirectory(third_party/bcrypt) add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(db) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c64fd9778..41403d9ab 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -15,7 +15,7 @@ set_target_properties( bcrypt PROPERTIES IMPORTED_LOCATION ../third_party/bcrypt # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES} ${ZM_BIN_THIRDPARTY_SRC_FILES}) -#link_directories(../third_party/bcrypt) +link_directories(/home/pp/source/pp_ZoneMinder.git/third_party/bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) From 45b78141243c986179b65d00aee369db5b0c241d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 1 May 2019 14:33:36 -0400 Subject: [PATCH 012/360] absolute path --- src/CMakeLists.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 41403d9ab..c45faf232 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -9,8 +9,6 @@ set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_conf # includes and linkages to 3rd party libraries/src set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) -add_library(bcrypt GLOBAL SHARED IMPORTED) -set_target_properties( bcrypt PROPERTIES IMPORTED_LOCATION ../third_party/bcrypt/libbcrypt.so ) # A fix for cmake recompiling the source files for every target. From d252a8ba306a47f8b8d35d6d35905971a8e7ad1b Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Thu, 2 May 2019 10:52:21 -0400 Subject: [PATCH 013/360] build bcrypt as static --- CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5d8506cc0..0973f8726 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -870,7 +870,13 @@ include(Pod2Man) ADD_MANPAGE_TARGET() # Process subdirectories + +# build a bcrypt static library +set(BUILD_SHARED_LIBS_SAVED "${BUILD_SHARED_LIBS}") +set(BUILD_SHARED_LIBS OFF) add_subdirectory(third_party/bcrypt) +set(BUILD_SHARED_LIBS "${BUILD_SHARED_LIBS_SAVED}") + add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(db) From 72325d12b72b37a861d0f951900a629b1a0effb2 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 3 May 2019 11:40:35 -0400 Subject: [PATCH 014/360] move to wrapper --- .gitmodules | 3 -- src/CMakeLists.txt | 2 +- src/zm_crypt.cpp | 74 ++++++++++++++++++++++++++++++++++++++++++++++ src/zm_crypt.h | 29 ++++++++++++++++++ src/zm_user.cpp | 49 ++++++++++++------------------ 5 files changed, 123 insertions(+), 34 deletions(-) create mode 100644 src/zm_crypt.cpp create mode 100644 src/zm_crypt.h diff --git a/.gitmodules b/.gitmodules index 473f65c73..978afe56a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,9 +5,6 @@ [submodule "web/api/app/Plugin/CakePHP-Enum-Behavior"] path = web/api/app/Plugin/CakePHP-Enum-Behavior url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git -[submodule "third_party/bcrypt"] - path = third_party/bcrypt - url = https://github.com/trusch/libbcrypt [submodule "third_party/sha1"] path = third_party/sha1 url = https://github.com/vog/sha1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c45faf232..4a55ce095 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -4,7 +4,7 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) # Group together all the source files that are used by all the binaries (zmc, zma, zmu, zms etc) -set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp) +set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp zm_crypt.cpp) # includes and linkages to 3rd party libraries/src diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp new file mode 100644 index 000000000..9a8cee0ad --- /dev/null +++ b/src/zm_crypt.cpp @@ -0,0 +1,74 @@ +#include "zm.h" +# include "zm_crypt.h" +#include + + + +//https://stackoverflow.com/a/46403026/1361529 +char char2int(char input) { + if (input >= '0' && input <= '9') + return input - '0'; + else if (input >= 'A' && input <= 'F') + return input - 'A' + 10; + else if (input >= 'a' && input <= 'f') + return input - 'a' + 10; + else + return input; // this really should not happen + +} +std::string hex2str(std::string &hex) { + std::string out; + out.resize(hex.size() / 2 + hex.size() % 2); + std::string::iterator it = hex.begin(); + std::string::iterator out_it = out.begin(); + if (hex.size() % 2 != 0) { + *out_it++ = char(char2int(*it++)); + } + + for (; it < hex.end() - 1; it++) { + *out_it++ = char2int(*it++) << 4 | char2int(*it); + }; + + return out; +} + + +bool verifyPassword(const char *input_password, const char *db_password_hash) { + bool password_correct = false; + if (strlen(db_password_hash ) < 4) { + // actually, shoud be more, but this is min. for next code + Error ("DB Password is too short or invalid to check"); + return false; + } + if (db_password_hash[0] == '*') { + // MYSQL PASSWORD + Info ("%s is an MD5 encoded password", db_password_hash); + SHA1 checksum; + + // next few lines do '*'+SHA1(raw(SHA1(password))) + // which is MYSQL >=4.1 PASSWORD algorithm + checksum.update(input_password); + std::string interim_hash = checksum.final(); + std::string binary_hash = hex2str(interim_hash); // get interim hash + checksum.update(binary_hash); + interim_hash = checksum.final(); + std::string final_hash = "*" + interim_hash; + std::transform(final_hash.begin(), final_hash.end(), final_hash.begin(), ::toupper); + + Info ("Computed password_hash:%s, stored password_hash:%s", final_hash.c_str(), db_password_hash); + password_correct = (std::string(db_password_hash) == final_hash); + } + else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') + &&(db_password_hash[3] == '$')) { + // BCRYPT + Info ("%s is a Bcrypt password", db_password_hash); + BCrypt bcrypt; + std::string input_hash = bcrypt.generateHash(std::string(input_password)); + password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); + } + else { + // plain + password_correct = (strcmp(input_password, db_password_hash) == 0); + } + return password_correct; +} \ No newline at end of file diff --git a/src/zm_crypt.h b/src/zm_crypt.h new file mode 100644 index 000000000..b893f7940 --- /dev/null +++ b/src/zm_crypt.h @@ -0,0 +1,29 @@ +// +// ZoneMinder General Utility Functions, $Date$, $Revision$ +// Copyright (C) 2001-2008 Philip Coombes +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// + +#ifndef ZM_CRYPT_H +#define ZM_CRYPT_H + +#include +#include "BCrypt.hpp" +#include "sha1.hpp" + +bool verifyPassword( const char *input_password, const char *db_password_hash); + +#endif // ZM_CRYPT_H \ No newline at end of file diff --git a/src/zm_user.cpp b/src/zm_user.cpp index a710188cc..d6194b802 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -26,10 +26,10 @@ #include #include #include -#include "BCrypt.hpp" -#include "sha1.hpp" + #include "zm_utils.h" +#include "zm_crypt.h" User::User() { id = 0; @@ -97,34 +97,15 @@ User *zmLoadUser( const char *username, const char *password ) { // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. mysql_real_escape_string(&dbconn, safer_username, username, username_length ); - BCrypt bcrypt; - std::string ptest = "test"; - std::string hash = bcrypt.generateHash(ptest); - Info ("ZM_USER TEST: BCRYPT WORKED AND PRODUCED %s", hash.c_str()); - SHA1 sha1_checksum; - sha1_checksum.update (ptest); - hash = sha1_checksum.final(); - Info ("ZM_USER TEST: SHA1 WORKED AND PRODUCED %s", hash.c_str()); + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + " FROM Users where Username = '%s' and Enabled = 1", safer_username ); - if ( password ) { - int password_length = strlen(password); - char *safer_password = new char[(password_length * 2) + 1]; - mysql_real_escape_string(&dbconn, safer_password, password, password_length); - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", - safer_username, safer_password ); - delete safer_password; - } else { - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", safer_username ); - } if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); - exit(mysql_errno(&dbconn)); + exit(mysql_errno(&dbconn)); } MYSQL_RES *result = mysql_store_result(&dbconn); @@ -143,12 +124,20 @@ User *zmLoadUser( const char *username, const char *password ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); - Info("Authenticated user '%s'", user->getUsername()); + Info ("Retrieved password for user:%s as %s", user->getUsername(), user->getPassword()); - mysql_free_result(result); - delete safer_username; - - return user; + if (verifyPassword(password, user->getPassword())) { + Info("Authenticated user '%s'", user->getUsername()); + mysql_free_result(result); + delete safer_username; + return user; + } + else { + Warning("Unable to authenticate user %s", username); + mysql_free_result(result); + return NULL; + } + } // Function to validate an authentication string From 18c5b2da2aec6b04c61112bfeef807e14c67feef Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 3 May 2019 11:43:38 -0400 Subject: [PATCH 015/360] move to fork --- .gitmodules | 3 +++ third_party/bcrypt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 978afe56a..c4cc3d6d1 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,3 +8,6 @@ [submodule "third_party/sha1"] path = third_party/sha1 url = https://github.com/vog/sha1 +[submodule "third_party/bcrypt"] + path = third_party/bcrypt + url = https://github.com/pliablepixels/libbcrypt diff --git a/third_party/bcrypt b/third_party/bcrypt index 180cd3372..be171cd75 160000 --- a/third_party/bcrypt +++ b/third_party/bcrypt @@ -1 +1 @@ -Subproject commit 180cd3372609b2539fe9c916f15c8ef8a2aef5f2 +Subproject commit be171cd75dd65e06315a67c7dcdb8e1bbc1dabd4 From ca2e7ea97c953b11cbd8261227d7b598ef05640f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 3 May 2019 12:01:13 -0400 Subject: [PATCH 016/360] logs tweak --- src/zm_crypt.cpp | 9 +++++---- src/zm_crypt.h | 2 +- src/zm_user.cpp | 5 ++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 9a8cee0ad..19fa6dd9d 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -33,7 +33,7 @@ std::string hex2str(std::string &hex) { } -bool verifyPassword(const char *input_password, const char *db_password_hash) { +bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { bool password_correct = false; if (strlen(db_password_hash ) < 4) { // actually, shoud be more, but this is min. for next code @@ -42,7 +42,7 @@ bool verifyPassword(const char *input_password, const char *db_password_hash) { } if (db_password_hash[0] == '*') { // MYSQL PASSWORD - Info ("%s is an MD5 encoded password", db_password_hash); + Info ("%s is using an MD5 encoded password", username); SHA1 checksum; // next few lines do '*'+SHA1(raw(SHA1(password))) @@ -55,19 +55,20 @@ bool verifyPassword(const char *input_password, const char *db_password_hash) { std::string final_hash = "*" + interim_hash; std::transform(final_hash.begin(), final_hash.end(), final_hash.begin(), ::toupper); - Info ("Computed password_hash:%s, stored password_hash:%s", final_hash.c_str(), db_password_hash); + Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash.c_str(), db_password_hash); password_correct = (std::string(db_password_hash) == final_hash); } else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') &&(db_password_hash[3] == '$')) { // BCRYPT - Info ("%s is a Bcrypt password", db_password_hash); + Info ("%s is using a bcrypt encoded password", username); BCrypt bcrypt; std::string input_hash = bcrypt.generateHash(std::string(input_password)); password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); } else { // plain + Warning ("%s is using a plain text password, please do not use plain text", username); password_correct = (strcmp(input_password, db_password_hash) == 0); } return password_correct; diff --git a/src/zm_crypt.h b/src/zm_crypt.h index b893f7940..ad4aa06da 100644 --- a/src/zm_crypt.h +++ b/src/zm_crypt.h @@ -24,6 +24,6 @@ #include "BCrypt.hpp" #include "sha1.hpp" -bool verifyPassword( const char *input_password, const char *db_password_hash); +bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); #endif // ZM_CRYPT_H \ No newline at end of file diff --git a/src/zm_user.cpp b/src/zm_user.cpp index d6194b802..8766a2e8f 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -124,9 +124,8 @@ User *zmLoadUser( const char *username, const char *password ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); - Info ("Retrieved password for user:%s as %s", user->getUsername(), user->getPassword()); - - if (verifyPassword(password, user->getPassword())) { + + if (verifyPassword(username, password, user->getPassword())) { Info("Authenticated user '%s'", user->getUsername()); mysql_free_result(result); delete safer_username; From 7603e94e90eb68bdd4d60511f6b064eeb3820247 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 3 May 2019 16:57:43 -0400 Subject: [PATCH 017/360] added lib-ssl/dev for JWT signing --- distros/debian/control | 2 ++ 1 file changed, 2 insertions(+) diff --git a/distros/debian/control b/distros/debian/control index 4c23ab367..2b46f44e1 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -26,6 +26,7 @@ Build-Depends: debhelper (>= 9), cmake , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl + , libssl-dev Standards-Version: 3.9.4 Package: zoneminder @@ -51,6 +52,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , zip , libvlccore5 | libvlccore7 | libvlccore8, libvlc5 , libpolkit-gobject-1-0, php5-gd + , libssl Recommends: mysql-server | mariadb-server Description: Video camera security and surveillance solution ZoneMinder is intended for use in single or multi-camera video security From d952fe7117c6c557c0fc200e4e4a0e23822067dc Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 4 May 2019 11:52:53 -0400 Subject: [PATCH 018/360] Moved to openSSL SHA1, initial JWT plugin --- .gitmodules | 6 ++--- src/CMakeLists.txt | 9 +++---- src/zm_crypt.cpp | 60 ++++++++++++++++----------------------------- src/zm_crypt.h | 5 +++- third_party/jwt-cpp | 1 + 5 files changed, 33 insertions(+), 48 deletions(-) create mode 160000 third_party/jwt-cpp diff --git a/.gitmodules b/.gitmodules index c4cc3d6d1..f5bcf359d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,9 +5,9 @@ [submodule "web/api/app/Plugin/CakePHP-Enum-Behavior"] path = web/api/app/Plugin/CakePHP-Enum-Behavior url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git -[submodule "third_party/sha1"] - path = third_party/sha1 - url = https://github.com/vog/sha1 [submodule "third_party/bcrypt"] path = third_party/bcrypt url = https://github.com/pliablepixels/libbcrypt +[submodule "third_party/jwt-cpp"] + path = third_party/jwt-cpp + url = https://github.com/Thalhammer/jwt-cpp diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4a55ce095..efdb5224d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,12 +7,9 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp zm_crypt.cpp) -# includes and linkages to 3rd party libraries/src -set (ZM_BIN_THIRDPARTY_SRC_FILES ../third_party/sha1/sha1.cpp) - # A fix for cmake recompiling the source files for every target. -add_library(zm STATIC ${ZM_BIN_SRC_FILES} ${ZM_BIN_THIRDPARTY_SRC_FILES}) +add_library(zm STATIC ${ZM_BIN_SRC_FILES}) link_directories(/home/pp/source/pp_ZoneMinder.git/third_party/bcrypt) add_executable(zmc zmc.cpp) @@ -20,7 +17,9 @@ add_executable(zma zma.cpp) add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) -include_directories(../third_party/sha1 ../third_party/bcrypt/include/bcrypt) +# JWT is a header only library. +include_directories(../third_party/bcrypt/include/bcrypt) +include_directories(../third_party/jwt-cpp/include/jwt-cpp) target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 19fa6dd9d..cf707aff0 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -4,37 +4,22 @@ -//https://stackoverflow.com/a/46403026/1361529 -char char2int(char input) { - if (input >= '0' && input <= '9') - return input - '0'; - else if (input >= 'A' && input <= 'F') - return input - 'A' + 10; - else if (input >= 'a' && input <= 'f') - return input - 'a' + 10; - else - return input; // this really should not happen + +std::string createToken() { + std::string token = jwt::create() + .set_issuer("auth0") + //.set_expires_at(jwt::date(expiresAt)) + //.set_issued_at(jwt::date(tp)) + //.set_issued_at(jwt::date(std::chrono::system_clock::now())) + //.set_expires_at(jwt::date(std::chrono::system_clock::now()+std::chrono::seconds{EXPIRY})) + .sign(jwt::algorithm::hs256{"secret"}); + return token; } -std::string hex2str(std::string &hex) { - std::string out; - out.resize(hex.size() / 2 + hex.size() % 2); - std::string::iterator it = hex.begin(); - std::string::iterator out_it = out.begin(); - if (hex.size() % 2 != 0) { - *out_it++ = char(char2int(*it++)); - } - - for (; it < hex.end() - 1; it++) { - *out_it++ = char2int(*it++) << 4 | char2int(*it); - }; - - return out; -} - bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { bool password_correct = false; + Info ("JWT created as %s",createToken().c_str()); if (strlen(db_password_hash ) < 4) { // actually, shoud be more, but this is min. for next code Error ("DB Password is too short or invalid to check"); @@ -43,20 +28,17 @@ bool verifyPassword(const char *username, const char *input_password, const char if (db_password_hash[0] == '*') { // MYSQL PASSWORD Info ("%s is using an MD5 encoded password", username); - SHA1 checksum; + unsigned char digest_interim[SHA_DIGEST_LENGTH]; + unsigned char digest_final[SHA_DIGEST_LENGTH]; + SHA1((unsigned char*)&input_password, strlen((const char *) input_password), (unsigned char*)&digest_interim); + SHA1((unsigned char*)&digest_interim, strlen((const char *)digest_interim), (unsigned char*)&digest_final); + char final_hash[SHA_DIGEST_LENGTH * 2 +2]; + for(int i = 0; i < SHA_DIGEST_LENGTH; i++) + sprintf(&final_hash[i*2], "%02X", (unsigned int)digest_final[i]); - // next few lines do '*'+SHA1(raw(SHA1(password))) - // which is MYSQL >=4.1 PASSWORD algorithm - checksum.update(input_password); - std::string interim_hash = checksum.final(); - std::string binary_hash = hex2str(interim_hash); // get interim hash - checksum.update(binary_hash); - interim_hash = checksum.final(); - std::string final_hash = "*" + interim_hash; - std::transform(final_hash.begin(), final_hash.end(), final_hash.begin(), ::toupper); - - Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash.c_str(), db_password_hash); - password_correct = (std::string(db_password_hash) == final_hash); + Info ("Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + password_correct = (strcmp(db_password_hash, final_hash)==0); } else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') &&(db_password_hash[3] == '$')) { diff --git a/src/zm_crypt.h b/src/zm_crypt.h index ad4aa06da..a1e8945e4 100644 --- a/src/zm_crypt.h +++ b/src/zm_crypt.h @@ -20,10 +20,13 @@ #ifndef ZM_CRYPT_H #define ZM_CRYPT_H + #include +#include #include "BCrypt.hpp" -#include "sha1.hpp" +#include "jwt.h" bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); +std::string createToken(); #endif // ZM_CRYPT_H \ No newline at end of file diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp new file mode 160000 index 000000000..dd0337e64 --- /dev/null +++ b/third_party/jwt-cpp @@ -0,0 +1 @@ +Subproject commit dd0337e64c19b5c6290b30429a9eedafadcae4b7 From 4c51747171eb54ee359c03476c377f68c8c4c610 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 4 May 2019 11:57:30 -0400 Subject: [PATCH 019/360] removed vog --- third_party/sha1 | 1 - 1 file changed, 1 deletion(-) delete mode 160000 third_party/sha1 diff --git a/third_party/sha1 b/third_party/sha1 deleted file mode 160000 index 68a099035..000000000 --- a/third_party/sha1 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 68a0990352c04de43c494e8381264c27ed0b8e7e From 983e050fd7e4370d68cbbed061c6438803ec2c94 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 4 May 2019 15:20:31 -0400 Subject: [PATCH 020/360] fixed SHA1 algo --- src/zm_crypt.cpp | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index cf707aff0..266105c65 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -28,13 +28,27 @@ bool verifyPassword(const char *username, const char *input_password, const char if (db_password_hash[0] == '*') { // MYSQL PASSWORD Info ("%s is using an MD5 encoded password", username); + + SHA_CTX ctx1, ctx2; unsigned char digest_interim[SHA_DIGEST_LENGTH]; unsigned char digest_final[SHA_DIGEST_LENGTH]; - SHA1((unsigned char*)&input_password, strlen((const char *) input_password), (unsigned char*)&digest_interim); - SHA1((unsigned char*)&digest_interim, strlen((const char *)digest_interim), (unsigned char*)&digest_final); + + //get first iteration + SHA1_Init(&ctx1); + SHA1_Update(&ctx1, input_password, strlen(input_password)); + SHA1_Final(digest_interim, &ctx1); + + //2nd iteration + SHA1_Init(&ctx2); + SHA1_Update(&ctx2, digest_interim,SHA_DIGEST_LENGTH); + SHA1_Final (digest_final, &ctx2) + char final_hash[SHA_DIGEST_LENGTH * 2 +2]; + final_hash[0]='*'; + //convert to hex for(int i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&final_hash[i*2], "%02X", (unsigned int)digest_final[i]); + sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); + final_hash[SHA_DIGEST_LENGTH *2 + 1]=0; Info ("Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); From 4c8d20db64f97b8a2ca86ea49529390c887383eb Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 4 May 2019 15:27:00 -0400 Subject: [PATCH 021/360] typo --- src/zm_crypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 266105c65..6c6f4c7c1 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -41,7 +41,7 @@ bool verifyPassword(const char *username, const char *input_password, const char //2nd iteration SHA1_Init(&ctx2); SHA1_Update(&ctx2, digest_interim,SHA_DIGEST_LENGTH); - SHA1_Final (digest_final, &ctx2) + SHA1_Final (digest_final, &ctx2); char final_hash[SHA_DIGEST_LENGTH * 2 +2]; final_hash[0]='*'; From 725c3c50ed6238410994d48988659b3a28bcc22a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 07:08:25 -0400 Subject: [PATCH 022/360] use php-jwt, use proper way to add PHP modules, via composer --- web/composer.json | 5 + web/composer.lock | 64 +++ web/includes/auth.php | 17 + web/vendor/autoload.php | 7 + web/vendor/composer/ClassLoader.php | 445 ++++++++++++++++++ web/vendor/composer/LICENSE | 21 + web/vendor/composer/autoload_classmap.php | 9 + web/vendor/composer/autoload_namespaces.php | 9 + web/vendor/composer/autoload_psr4.php | 10 + web/vendor/composer/autoload_real.php | 52 ++ web/vendor/composer/autoload_static.php | 31 ++ web/vendor/composer/installed.json | 50 ++ web/vendor/firebase/php-jwt/LICENSE | 30 ++ web/vendor/firebase/php-jwt/README.md | 200 ++++++++ web/vendor/firebase/php-jwt/composer.json | 29 ++ .../php-jwt/src/BeforeValidException.php | 7 + .../firebase/php-jwt/src/ExpiredException.php | 7 + web/vendor/firebase/php-jwt/src/JWT.php | 379 +++++++++++++++ .../php-jwt/src/SignatureInvalidException.php | 7 + 19 files changed, 1379 insertions(+) create mode 100644 web/composer.json create mode 100644 web/composer.lock create mode 100644 web/vendor/autoload.php create mode 100644 web/vendor/composer/ClassLoader.php create mode 100644 web/vendor/composer/LICENSE create mode 100644 web/vendor/composer/autoload_classmap.php create mode 100644 web/vendor/composer/autoload_namespaces.php create mode 100644 web/vendor/composer/autoload_psr4.php create mode 100644 web/vendor/composer/autoload_real.php create mode 100644 web/vendor/composer/autoload_static.php create mode 100644 web/vendor/composer/installed.json create mode 100644 web/vendor/firebase/php-jwt/LICENSE create mode 100644 web/vendor/firebase/php-jwt/README.md create mode 100644 web/vendor/firebase/php-jwt/composer.json create mode 100644 web/vendor/firebase/php-jwt/src/BeforeValidException.php create mode 100644 web/vendor/firebase/php-jwt/src/ExpiredException.php create mode 100644 web/vendor/firebase/php-jwt/src/JWT.php create mode 100644 web/vendor/firebase/php-jwt/src/SignatureInvalidException.php diff --git a/web/composer.json b/web/composer.json new file mode 100644 index 000000000..cc22311b1 --- /dev/null +++ b/web/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "firebase/php-jwt": "^5.0" + } +} diff --git a/web/composer.lock b/web/composer.lock new file mode 100644 index 000000000..b0b368b4f --- /dev/null +++ b/web/composer.lock @@ -0,0 +1,64 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "7f97fc9c4d2beaf06d019ba50f7efcbc", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v5.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "time": "2017-06-27T22:17:23+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +} diff --git a/web/includes/auth.php b/web/includes/auth.php index ef1871164..52391d435 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -19,6 +19,9 @@ // // require_once('session.php'); +require_once ('../vendor/autoload.php'); + +use \Firebase\JWT\JWT; // this function migrates mysql hashing to bcrypt, if you are using PHP >= 5.5 // will be called after successful login, only if mysql hashing is detected @@ -45,7 +48,21 @@ function migrateHash($user, $pass) { // core function used to login a user to PHP. Is also used for cake sessions for the API function userLogin($username='', $password='', $passwordHashed=false) { + global $user; + + $key = "example_key"; + $token = array( + "iss" => "http://example.org", + "aud" => "http://example.com", + "iat" => 1356999524, + "nbf" => 1357000000 + ); + $jwt = JWT::encode($token, $key); + + ZM\Info ("JWT token is $jwt"); + + if ( !$username and isset($_REQUEST['username']) ) $username = $_REQUEST['username']; if ( !$password and isset($_REQUEST['password']) ) diff --git a/web/vendor/autoload.php b/web/vendor/autoload.php new file mode 100644 index 000000000..034205792 --- /dev/null +++ b/web/vendor/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see http://www.php-fig.org/psr/psr-0/ + * @see http://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', $this->prefixesPsr0); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/web/vendor/composer/LICENSE b/web/vendor/composer/LICENSE new file mode 100644 index 000000000..f27399a04 --- /dev/null +++ b/web/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/web/vendor/composer/autoload_classmap.php b/web/vendor/composer/autoload_classmap.php new file mode 100644 index 000000000..7a91153b0 --- /dev/null +++ b/web/vendor/composer/autoload_classmap.php @@ -0,0 +1,9 @@ + array($vendorDir . '/firebase/php-jwt/src'), +); diff --git a/web/vendor/composer/autoload_real.php b/web/vendor/composer/autoload_real.php new file mode 100644 index 000000000..accbcefb3 --- /dev/null +++ b/web/vendor/composer/autoload_real.php @@ -0,0 +1,52 @@ += 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); + if ($useStaticLoader) { + require_once __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::getInitializer($loader)); + } else { + $map = require __DIR__ . '/autoload_namespaces.php'; + foreach ($map as $namespace => $path) { + $loader->set($namespace, $path); + } + + $map = require __DIR__ . '/autoload_psr4.php'; + foreach ($map as $namespace => $path) { + $loader->setPsr4($namespace, $path); + } + + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->register(true); + + return $loader; + } +} diff --git a/web/vendor/composer/autoload_static.php b/web/vendor/composer/autoload_static.php new file mode 100644 index 000000000..2709f5803 --- /dev/null +++ b/web/vendor/composer/autoload_static.php @@ -0,0 +1,31 @@ + + array ( + 'Firebase\\JWT\\' => 13, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'Firebase\\JWT\\' => + array ( + 0 => __DIR__ . '/..' . '/firebase/php-jwt/src', + ), + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$prefixDirsPsr4; + + }, null, ClassLoader::class); + } +} diff --git a/web/vendor/composer/installed.json b/web/vendor/composer/installed.json new file mode 100644 index 000000000..5b2924c21 --- /dev/null +++ b/web/vendor/composer/installed.json @@ -0,0 +1,50 @@ +[ + { + "name": "firebase/php-jwt", + "version": "v5.0.0", + "version_normalized": "5.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + }, + "time": "2017-06-27T22:17:23+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt" + } +] diff --git a/web/vendor/firebase/php-jwt/LICENSE b/web/vendor/firebase/php-jwt/LICENSE new file mode 100644 index 000000000..cb0c49b33 --- /dev/null +++ b/web/vendor/firebase/php-jwt/LICENSE @@ -0,0 +1,30 @@ +Copyright (c) 2011, Neuman Vong + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Neuman Vong nor the names of other + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/web/vendor/firebase/php-jwt/README.md b/web/vendor/firebase/php-jwt/README.md new file mode 100644 index 000000000..b1a7a3a20 --- /dev/null +++ b/web/vendor/firebase/php-jwt/README.md @@ -0,0 +1,200 @@ +[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) +[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) +[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) +[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) + +PHP-JWT +======= +A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). + +Installation +------------ + +Use composer to manage your dependencies and download PHP-JWT: + +```bash +composer require firebase/php-jwt +``` + +Example +------- +```php + "http://example.org", + "aud" => "http://example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +/** + * IMPORTANT: + * You must specify supported algorithms for your application. See + * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 + * for a list of spec-compliant algorithms. + */ +$jwt = JWT::encode($token, $key); +$decoded = JWT::decode($jwt, $key, array('HS256')); + +print_r($decoded); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; + +/** + * You can add a leeway to account for when there is a clock skew times between + * the signing and verifying servers. It is recommended that this leeway should + * not be bigger than a few minutes. + * + * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef + */ +JWT::$leeway = 60; // $leeway in seconds +$decoded = JWT::decode($jwt, $key, array('HS256')); + +?> +``` +Example with RS256 (openssl) +---------------------------- +```php + "example.org", + "aud" => "example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +$jwt = JWT::encode($token, $privateKey, 'RS256'); +echo "Encode:\n" . print_r($jwt, true) . "\n"; + +$decoded = JWT::decode($jwt, $publicKey, array('RS256')); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; +echo "Decode:\n" . print_r($decoded_array, true) . "\n"; +?> +``` + +Changelog +--------- + +#### 5.0.0 / 2017-06-26 +- Support RS384 and RS512. + See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! +- Add an example for RS256 openssl. + See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! +- Detect invalid Base64 encoding in signature. + See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! +- Update `JWT::verify` to handle OpenSSL errors. + See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! +- Add `array` type hinting to `decode` method + See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! +- Add all JSON error types. + See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! +- Bugfix 'kid' not in given key list. + See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! +- Miscellaneous cleanup, documentation and test fixes. + See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115), + [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and + [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), + [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! + +#### 4.0.0 / 2016-07-17 +- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! +- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! +- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! +- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! + +#### 3.0.0 / 2015-07-22 +- Minimum PHP version updated from `5.2.0` to `5.3.0`. +- Add `\Firebase\JWT` namespace. See +[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to +[@Dashron](https://github.com/Dashron)! +- Require a non-empty key to decode and verify a JWT. See +[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to +[@sjones608](https://github.com/sjones608)! +- Cleaner documentation blocks in the code. See +[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to +[@johanderuijter](https://github.com/johanderuijter)! + +#### 2.2.0 / 2015-06-22 +- Add support for adding custom, optional JWT headers to `JWT::encode()`. See +[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to +[@mcocaro](https://github.com/mcocaro)! + +#### 2.1.0 / 2015-05-20 +- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew +between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! +- Add support for passing an object implementing the `ArrayAccess` interface for +`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! + +#### 2.0.0 / 2015-04-01 +- **Note**: It is strongly recommended that you update to > v2.0.0 to address + known security vulnerabilities in prior versions when both symmetric and + asymmetric keys are used together. +- Update signature for `JWT::decode(...)` to require an array of supported + algorithms to use when verifying token signatures. + + +Tests +----- +Run the tests using phpunit: + +```bash +$ pear install PHPUnit +$ phpunit --configuration phpunit.xml.dist +PHPUnit 3.7.10 by Sebastian Bergmann. +..... +Time: 0 seconds, Memory: 2.50Mb +OK (5 tests, 5 assertions) +``` + +New Lines in private keys +----- + +If your private key contains `\n` characters, be sure to wrap it in double quotes `""` +and not single quotes `''` in order to properly interpret the escaped characters. + +License +------- +[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). diff --git a/web/vendor/firebase/php-jwt/composer.json b/web/vendor/firebase/php-jwt/composer.json new file mode 100644 index 000000000..b76ffd191 --- /dev/null +++ b/web/vendor/firebase/php-jwt/composer.json @@ -0,0 +1,29 @@ +{ + "name": "firebase/php-jwt", + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "license": "BSD-3-Clause", + "require": { + "php": ">=5.3.0" + }, + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + } +} diff --git a/web/vendor/firebase/php-jwt/src/BeforeValidException.php b/web/vendor/firebase/php-jwt/src/BeforeValidException.php new file mode 100644 index 000000000..a6ee2f7c6 --- /dev/null +++ b/web/vendor/firebase/php-jwt/src/BeforeValidException.php @@ -0,0 +1,7 @@ + + * @author Anant Narayanan + * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD + * @link https://github.com/firebase/php-jwt + */ +class JWT +{ + + /** + * When checking nbf, iat or expiration times, + * we want to provide some extra leeway time to + * account for clock skew. + */ + public static $leeway = 0; + + /** + * Allow the current timestamp to be specified. + * Useful for fixing a value within unit testing. + * + * Will default to PHP time() value if null. + */ + public static $timestamp = null; + + public static $supported_algs = array( + 'HS256' => array('hash_hmac', 'SHA256'), + 'HS512' => array('hash_hmac', 'SHA512'), + 'HS384' => array('hash_hmac', 'SHA384'), + 'RS256' => array('openssl', 'SHA256'), + 'RS384' => array('openssl', 'SHA384'), + 'RS512' => array('openssl', 'SHA512'), + ); + + /** + * Decodes a JWT string into a PHP object. + * + * @param string $jwt The JWT + * @param string|array $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return object The JWT's payload as a PHP object + * + * @throws UnexpectedValueException Provided JWT was invalid + * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed + * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' + * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' + * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim + * + * @uses jsonDecode + * @uses urlsafeB64Decode + */ + public static function decode($jwt, $key, array $allowed_algs = array()) + { + $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; + + if (empty($key)) { + throw new InvalidArgumentException('Key may not be empty'); + } + $tks = explode('.', $jwt); + if (count($tks) != 3) { + throw new UnexpectedValueException('Wrong number of segments'); + } + list($headb64, $bodyb64, $cryptob64) = $tks; + if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) { + throw new UnexpectedValueException('Invalid header encoding'); + } + if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { + throw new UnexpectedValueException('Invalid claims encoding'); + } + if (false === ($sig = static::urlsafeB64Decode($cryptob64))) { + throw new UnexpectedValueException('Invalid signature encoding'); + } + if (empty($header->alg)) { + throw new UnexpectedValueException('Empty algorithm'); + } + if (empty(static::$supported_algs[$header->alg])) { + throw new UnexpectedValueException('Algorithm not supported'); + } + if (!in_array($header->alg, $allowed_algs)) { + throw new UnexpectedValueException('Algorithm not allowed'); + } + if (is_array($key) || $key instanceof \ArrayAccess) { + if (isset($header->kid)) { + if (!isset($key[$header->kid])) { + throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); + } + $key = $key[$header->kid]; + } else { + throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); + } + } + + // Check the signature + if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { + throw new SignatureInvalidException('Signature verification failed'); + } + + // Check if the nbf if it is defined. This is the time that the + // token can actually be used. If it's not yet that time, abort. + if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + ); + } + + // Check that this token has been created before 'now'. This prevents + // using tokens that have been created for later use (and haven't + // correctly used the nbf claim). + if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + ); + } + + // Check if this token has expired. + if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) { + throw new ExpiredException('Expired token'); + } + + return $payload; + } + + /** + * Converts and signs a PHP object or array into a JWT string. + * + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param mixed $keyId + * @param array $head An array with header elements to attach + * + * @return string A signed JWT + * + * @uses jsonEncode + * @uses urlsafeB64Encode + */ + public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) + { + $header = array('typ' => 'JWT', 'alg' => $alg); + if ($keyId !== null) { + $header['kid'] = $keyId; + } + if ( isset($head) && is_array($head) ) { + $header = array_merge($head, $header); + } + $segments = array(); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); + $signing_input = implode('.', $segments); + + $signature = static::sign($signing_input, $key, $alg); + $segments[] = static::urlsafeB64Encode($signature); + + return implode('.', $segments); + } + + /** + * Sign a string with a given key and algorithm. + * + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return string An encrypted message + * + * @throws DomainException Unsupported algorithm was specified + */ + public static function sign($msg, $key, $alg = 'HS256') + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'hash_hmac': + return hash_hmac($algorithm, $msg, $key, true); + case 'openssl': + $signature = ''; + $success = openssl_sign($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to sign data"); + } else { + return $signature; + } + } + } + + /** + * Verify a signature with the message, key and method. Not all methods + * are symmetric, so we must have a separate verify and sign method. + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * + * @return bool + * + * @throws DomainException Invalid Algorithm or OpenSSL failure + */ + private static function verify($msg, $signature, $key, $alg) + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'openssl': + $success = openssl_verify($msg, $signature, $key, $algorithm); + if ($success === 1) { + return true; + } elseif ($success === 0) { + return false; + } + // returns 1 on success, 0 on failure, -1 on error. + throw new DomainException( + 'OpenSSL error: ' . openssl_error_string() + ); + case 'hash_hmac': + default: + $hash = hash_hmac($algorithm, $msg, $key, true); + if (function_exists('hash_equals')) { + return hash_equals($signature, $hash); + } + $len = min(static::safeStrlen($signature), static::safeStrlen($hash)); + + $status = 0; + for ($i = 0; $i < $len; $i++) { + $status |= (ord($signature[$i]) ^ ord($hash[$i])); + } + $status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash)); + + return ($status === 0); + } + } + + /** + * Decode a JSON string into a PHP object. + * + * @param string $input JSON string + * + * @return object Object representation of JSON string + * + * @throws DomainException Provided string was invalid JSON + */ + public static function jsonDecode($input) + { + if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { + /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you + * to specify that large ints (like Steam Transaction IDs) should be treated as + * strings, rather than the PHP default behaviour of converting them to floats. + */ + $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); + } else { + /** Not all servers will support that, however, so for older versions we must + * manually detect large ints in the JSON string and quote them (thus converting + *them to strings) before decoding, hence the preg_replace() call. + */ + $max_int_length = strlen((string) PHP_INT_MAX) - 1; + $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $obj = json_decode($json_without_bigints); + } + + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($obj === null && $input !== 'null') { + throw new DomainException('Null result with non-null input'); + } + return $obj; + } + + /** + * Encode a PHP object into a JSON string. + * + * @param object|array $input A PHP object or array + * + * @return string JSON representation of the PHP object or array + * + * @throws DomainException Provided object could not be encoded to valid JSON + */ + public static function jsonEncode($input) + { + $json = json_encode($input); + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($json === 'null' && $input !== null) { + throw new DomainException('Null result with non-null input'); + } + return $json; + } + + /** + * Decode a string with URL-safe Base64. + * + * @param string $input A Base64 encoded string + * + * @return string A decoded string + */ + public static function urlsafeB64Decode($input) + { + $remainder = strlen($input) % 4; + if ($remainder) { + $padlen = 4 - $remainder; + $input .= str_repeat('=', $padlen); + } + return base64_decode(strtr($input, '-_', '+/')); + } + + /** + * Encode a string with URL-safe Base64. + * + * @param string $input The string you want encoded + * + * @return string The base64 encode of what you passed in + */ + public static function urlsafeB64Encode($input) + { + return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); + } + + /** + * Helper method to create a JSON error. + * + * @param int $errno An error number from json_last_error() + * + * @return void + */ + private static function handleJsonError($errno) + { + $messages = array( + JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', + JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON', + JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', + JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3 + ); + throw new DomainException( + isset($messages[$errno]) + ? $messages[$errno] + : 'Unknown JSON error: ' . $errno + ); + } + + /** + * Get the number of bytes in cryptographic strings. + * + * @param string + * + * @return int + */ + private static function safeStrlen($str) + { + if (function_exists('mb_strlen')) { + return mb_strlen($str, '8bit'); + } + return strlen($str); + } +} diff --git a/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php b/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php new file mode 100644 index 000000000..27332b21b --- /dev/null +++ b/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ + Date: Sun, 5 May 2019 07:50:52 -0400 Subject: [PATCH 023/360] fixed module path --- web/.gitignore | 2 +- web/includes/auth.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/.gitignore b/web/.gitignore index 90d971d4b..354e5470b 100644 --- a/web/.gitignore +++ b/web/.gitignore @@ -4,8 +4,8 @@ /app/tmp /lib/Cake/Console/Templates/skel/tmp/ /plugins -/vendors /build +/vendors /dist /tags /app/webroot/events diff --git a/web/includes/auth.php b/web/includes/auth.php index 52391d435..7c8c24527 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -19,7 +19,7 @@ // // require_once('session.php'); -require_once ('../vendor/autoload.php'); +require_once(__DIR__.'/../vendor/autoload.php'); use \Firebase\JWT\JWT; From a55a11dad1249d6db7a0cfb578e5752cf6bb9186 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 11:24:55 -0400 Subject: [PATCH 024/360] first attempt to fix cast error --- .gitmodules | 3 --- web/includes/auth.php | 33 ++++++++++++++++++++++----------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/.gitmodules b/.gitmodules index f5bcf359d..2ec483d25 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,6 +8,3 @@ [submodule "third_party/bcrypt"] path = third_party/bcrypt url = https://github.com/pliablepixels/libbcrypt -[submodule "third_party/jwt-cpp"] - path = third_party/jwt-cpp - url = https://github.com/Thalhammer/jwt-cpp diff --git a/web/includes/auth.php b/web/includes/auth.php index 7c8c24527..3f575d4c2 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -51,16 +51,7 @@ function userLogin($username='', $password='', $passwordHashed=false) { global $user; - $key = "example_key"; - $token = array( - "iss" => "http://example.org", - "aud" => "http://example.com", - "iat" => 1356999524, - "nbf" => 1357000000 - ); - $jwt = JWT::encode($token, $key); - - ZM\Info ("JWT token is $jwt"); + if ( !$username and isset($_REQUEST['username']) ) @@ -233,8 +224,28 @@ function getAuthUser($auth) { function generateAuthHash($useRemoteAddr, $force=false) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { - # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 $time = time(); + $key = ZM_AUTH_HASH_SECRET; + $issuedAt = time(); + $expireAt = $issuedAt + ZM_AUTH_HASH_TTL * 3600; + + + $token = array( + "iss" => "ZoneMinder", + "iat" => $issuedAt, + "exp" => $expireAt + + ); + + if ($useRemoteAddr) { + $token['remote_addr'] = $_SESSION['remoteAddr']; + } + + + $jwt = JWT::encode($token, $key); + + ZM\Info ("JWT token is $jwt"); + $mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 ); if ( $force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) { From e9d3dd1987cc8c658607508df9b681183cdcfbd7 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 11:26:01 -0400 Subject: [PATCH 025/360] own fork --- third_party/jwt-cpp | 1 - 1 file changed, 1 deletion(-) delete mode 160000 third_party/jwt-cpp diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp deleted file mode 160000 index dd0337e64..000000000 --- a/third_party/jwt-cpp +++ /dev/null @@ -1 +0,0 @@ -Subproject commit dd0337e64c19b5c6290b30429a9eedafadcae4b7 From 31c7cc31a28197795f0c8bcbd202de5bf2364e95 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 11:26:20 -0400 Subject: [PATCH 026/360] own fork --- .gitmodules | 3 +++ third_party/jwt-cpp | 1 + 2 files changed, 4 insertions(+) create mode 160000 third_party/jwt-cpp diff --git a/.gitmodules b/.gitmodules index 2ec483d25..0bbfbb368 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,3 +8,6 @@ [submodule "third_party/bcrypt"] path = third_party/bcrypt url = https://github.com/pliablepixels/libbcrypt +[submodule "third_party/jwt-cpp"] + path = third_party/jwt-cpp + url = https://github.com/pliablepixels/jwt-cpp diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp new file mode 160000 index 000000000..3dbc5a092 --- /dev/null +++ b/third_party/jwt-cpp @@ -0,0 +1 @@ +Subproject commit 3dbc5a0929aa3e53a47cbffac546f3d7877c41b5 From 37040f33a824f6075c32ca4834ae500e250cc76e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 12:49:33 -0400 Subject: [PATCH 027/360] add composer vendor directory --- web/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/CMakeLists.txt b/web/CMakeLists.txt index 50e5f9998..b3d097739 100644 --- a/web/CMakeLists.txt +++ b/web/CMakeLists.txt @@ -9,7 +9,7 @@ add_subdirectory(tools/mootools) configure_file(includes/config.php.in "${CMAKE_CURRENT_BINARY_DIR}/includes/config.php" @ONLY) # Install the web files -install(DIRECTORY api ajax css fonts graphics includes js lang skins tools views DESTINATION "${ZM_WEBDIR}" PATTERN "*.in" EXCLUDE PATTERN "*Make*" EXCLUDE PATTERN "*cmake*" EXCLUDE) +install(DIRECTORY vendor api ajax css fonts graphics includes js lang skins tools views DESTINATION "${ZM_WEBDIR}" PATTERN "*.in" EXCLUDE PATTERN "*Make*" EXCLUDE PATTERN "*cmake*" EXCLUDE) install(FILES index.php robots.txt DESTINATION "${ZM_WEBDIR}") install(FILES "${CMAKE_CURRENT_BINARY_DIR}/includes/config.php" DESTINATION "${ZM_WEBDIR}/includes") From ca3f65deef7f7664cef0af55c4e874dcd8b3e51f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 14:32:09 -0400 Subject: [PATCH 028/360] go back to jwt-cpp as PR merged --- .gitmodules | 3 --- third_party/jwt-cpp | 1 - web/includes/auth.php | 3 ++- 3 files changed, 2 insertions(+), 5 deletions(-) delete mode 160000 third_party/jwt-cpp diff --git a/.gitmodules b/.gitmodules index 0bbfbb368..2ec483d25 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,6 +8,3 @@ [submodule "third_party/bcrypt"] path = third_party/bcrypt url = https://github.com/pliablepixels/libbcrypt -[submodule "third_party/jwt-cpp"] - path = third_party/jwt-cpp - url = https://github.com/pliablepixels/jwt-cpp diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp deleted file mode 160000 index 3dbc5a092..000000000 --- a/third_party/jwt-cpp +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 3dbc5a0929aa3e53a47cbffac546f3d7877c41b5 diff --git a/web/includes/auth.php b/web/includes/auth.php index 3f575d4c2..b6340bcfc 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -233,7 +233,8 @@ function generateAuthHash($useRemoteAddr, $force=false) { $token = array( "iss" => "ZoneMinder", "iat" => $issuedAt, - "exp" => $expireAt + "exp" => $expireAt, + "user" => $_SESSION['username'] ); From 37f915ec0f912aca5a5fd2945ad4e5d1a11954d2 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 5 May 2019 14:32:54 -0400 Subject: [PATCH 029/360] moved to jwt-cpp after PR merge --- .gitmodules | 3 +++ third_party/jwt-cpp | 1 + 2 files changed, 4 insertions(+) create mode 160000 third_party/jwt-cpp diff --git a/.gitmodules b/.gitmodules index 2ec483d25..f5bcf359d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,3 +8,6 @@ [submodule "third_party/bcrypt"] path = third_party/bcrypt url = https://github.com/pliablepixels/libbcrypt +[submodule "third_party/jwt-cpp"] + path = third_party/jwt-cpp + url = https://github.com/Thalhammer/jwt-cpp diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp new file mode 160000 index 000000000..bfca4f6a8 --- /dev/null +++ b/third_party/jwt-cpp @@ -0,0 +1 @@ +Subproject commit bfca4f6a87bfd9d9a259939d0524169827a3a862 From 0bbc58297138856b9015f03b1d49e04ab5b14ba3 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Tue, 7 May 2019 15:03:13 -0400 Subject: [PATCH 030/360] New token= query for JWT --- web/api/app/Controller/AppController.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index 51575f055..840a14f58 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -73,19 +73,27 @@ class AppController extends Controller { $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user'); $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); - $mAuth = $this->request->query('auth') ? $this->request->query('auth') : $this->request->data('auth'); + $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); if ( $mUser and $mPassword ) { - $user = userLogin($mUser, $mPassword); + $user = userLogin($mUser, $mPassword, true); if ( !$user ) { throw new UnauthorizedException(__('User not found or incorrect password')); return; } - } else if ( $mAuth ) { - $user = getAuthUser($mAuth); + } else if ( $mToken ) { + $ret = validateToken($mToken); + $user = $ret[0]; + $retstatus = $ret[1]; if ( !$user ) { - throw new UnauthorizedException(__('Invalid Auth Key')); + throw new UnauthorizedException(__($retstatus)); return; + } else if ( $mAuth ) { + $user = getAuthUser($mAuth); + if ( !$user ) { + throw new UnauthorizedException(__('Invalid Auth Key')); + return; + } } } // We need to reject methods that are not authenticated From d36c1f5d3ce9b55713d0600354d81296c988e5af Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Tue, 7 May 2019 15:04:12 -0400 Subject: [PATCH 031/360] Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading --- web/api/app/Controller/HostController.php | 97 +++++++++++++++-------- 1 file changed, 63 insertions(+), 34 deletions(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 05b2ed3fa..d2a9cb203 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -31,17 +31,22 @@ class HostController extends AppController { } function login() { - $cred = $this->_getCredentials(); + $cred_depr = $this->_getCredentialsDeprecated(); $ver = $this->_getVersion(); $this->set(array( - 'credentials' => $cred[0], - 'append_password'=>$cred[1], + 'token'=>$cred[0], + 'token_expires'=>$cred[1] * 3600, // takes AUTH_HASH_TTL || 2 hrs as the default + 'credentials'=>$cred_depr[0], + 'append_password'=>$cred_depr[1], 'version' => $ver[0], 'apiversion' => $ver[1], - '_serialize' => array('credentials', - 'append_password', + '_serialize' => array( + 'token', + 'token_expires', 'version', + 'credentials', + 'append_password', 'apiversion' ))); } // end function login() @@ -56,41 +61,65 @@ class HostController extends AppController { )); } // end function logout() - - private function _getCredentials() { + + private function _getCredentialsDeprecated() { $credentials = ''; $appendPassword = 0; - $this->loadModel('Config'); - $isZmAuth = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH')))['Config']['Value']; - - if ( $isZmAuth ) { - // In future, we may want to completely move to AUTH_HASH_LOGINS and return &auth= for all cases - require_once __DIR__ .'/../../../includes/auth.php'; # in the event we directly call getCredentials.json - - $zmAuthRelay = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY')))['Config']['Value']; - if ( $zmAuthRelay == 'hashed' ) { - $zmAuthHashIps = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_IPS')))['Config']['Value']; - // make sure auth is regenerated each time we call this API - $credentials = 'auth='.generateAuthHash($zmAuthHashIps,true); - } else { - // user will need to append the store password here + if (ZM_OPT_USE_AUTH) { + require_once __DIR__ .'/../../../includes/auth.php'; + if (ZM_AUTH_RELAY=='hashed') { + $credentials = 'auth='.generateAuthHash(ZM_AUTH_HASH_IPS,true); + } + else { $credentials = 'user='.$this->Session->read('Username').'&pass='; $appendPassword = 1; } + return array($credentials, $appendPassword); } - return array($credentials, $appendPassword); - } // end function _getCredentials - - function getCredentials() { - // ignore debug warnings from other functions - $this->view='Json'; - $val = $this->_getCredentials(); - $this->set(array( - 'credentials'=> $val[0], - 'append_password'=>$val[1], - '_serialize' => array('credentials', 'append_password') - ) ); } + + private function _getCredentials() { + $credentials = ''; + $this->loadModel('Config'); + + $isZmAuth = ZM_OPT_USE_AUTH; + $jwt = ''; + $ttl = ''; + + if ( $isZmAuth ) { + require_once __DIR__ .'/../../../includes/auth.php'; + require_once __DIR__.'/../../../vendor/autoload.php'; + $zmAuthRelay = ZM_AUTH_RELAY; + $zmAuthHashIps = NULL; + if ( $zmAuthRelay == 'hashed' ) { + $zmAuthHashIps = ZM_AUTH_HASH_IPS; + } + + $key = ZM_AUTH_HASH_SECRET; + if ($zmAuthHashIps) { + $key = $key . $_SERVER['REMOTE_ADDR']; + } + $issuedAt = time(); + $ttl = ZM_AUTH_HASH_TTL || 2; + + // print ("relay=".$zmAuthRelay." haship=".$zmAuthHashIps." remote ip=".$_SERVER['REMOTE_ADDR']); + + $expireAt = $issuedAt + $ttl * 3600; + $expireAt = $issuedAt + 30; // TEST REMOVE + + $token = array( + "iss" => "ZoneMinder", + "iat" => $issuedAt, + "exp" => $expireAt, + "user" => $_SESSION['username'] + ); + + //use \Firebase\JWT\JWT; + $jwt = \Firebase\JWT\JWT::encode($token, $key, 'HS256'); + + } + return array($jwt, $ttl); + } // end function _getCredentials // If $mid is set, only return disk usage for that monitor // Else, return an array of total disk usage, and per-monitor @@ -169,7 +198,7 @@ class HostController extends AppController { private function _getVersion() { $version = Configure::read('ZM_VERSION'); - $apiversion = '1.0'; + $apiversion = '2.0'; return array($version, $apiversion); } From e8f79f32549aef1cd4a1c4fbcb81ad008df67944 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Tue, 7 May 2019 15:04:51 -0400 Subject: [PATCH 032/360] JWT integration, validate JWT token via validateToken --- web/includes/auth.php | 83 +++++++++++++++++++++++++++++-------------- 1 file changed, 56 insertions(+), 27 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b6340bcfc..07e4be65f 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -46,14 +46,12 @@ function migrateHash($user, $pass) { } + // core function used to login a user to PHP. Is also used for cake sessions for the API -function userLogin($username='', $password='', $passwordHashed=false) { +function userLogin($username='', $password='', $passwordHashed=false, $apiLogin = false) { global $user; - - - if ( !$username and isset($_REQUEST['username']) ) $username = $_REQUEST['username']; if ( !$password and isset($_REQUEST['password']) ) @@ -61,7 +59,9 @@ function userLogin($username='', $password='', $passwordHashed=false) { // if true, a popup will display after login // lets validate reCaptcha if it exists - if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA') + // this only applies if it userLogin was not called from API layer + if (!$apiLogin + && defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') && ZM_OPT_USE_GOOG_RECAPTCHA @@ -76,7 +76,7 @@ function userLogin($username='', $password='', $passwordHashed=false) { ); $res = do_post_request($url, http_build_query($fields)); $responseData = json_decode($res,true); - // PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php + // credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php // if recaptcha resulted in error, we might have to deny login if ( isset($responseData['success']) && $responseData['success'] == false ) { // PP - before we deny auth, let's make sure the error was not 'invalid secret' @@ -140,7 +140,7 @@ function userLogin($username='', $password='', $passwordHashed=false) { ZM\Error ("Could not retrieve user $username details"); $_SESSION['loginFailed'] = true; unset($user); - return; + return false; } $close_session = 0; @@ -184,6 +184,53 @@ function userLogout() { zm_session_clear(); } + +function validateToken ($token) { + global $user; + $key = ZM_AUTH_HASH_SECRET; + if (ZM_AUTH_HASH_IPS) $key .= $_SERVER['REMOTE_ADDR']; + try { + $decoded_token = JWT::decode($token, $key, array('HS256')); + } catch (Exception $e) { + ZM\Error("Unable to authenticate user. error decoding JWT token:".$e->getMessage()); + + return array(false, $e->getMessage()); + } + + // convert from stdclass to array + $jwt_payload = json_decode(json_encode($decoded_token), true); + $username = $jwt_payload['user']; + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; + $sql_values = array($username); + + $saved_user_details = dbFetchOne ($sql, NULL, $sql_values); + + if ($saved_user_details) { + $user = $saved_user_details; + return array($user, "OK"); + } else { + ZM\Error ("Could not retrieve user $username details"); + $_SESSION['loginFailed'] = true; + unset($user); + return array(false, "No such user/credentials"); + } + + + // We are NOT checking against session username for now... + /* + // at this stage, token is valid, but lets validate user with session user + ZM\Info ("JWT user is ".$jwt['user']); + if ($jwt['user'] != $_SESSION['username']) { + ZM\Error ("Unable to authenticate user. Token doesn't belong to current user"); + return false; + } else { + ZM\Info ("Token validated for user:".$_SESSION['username']); + return $user; + } + */ + +} + function getAuthUser($auth) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { $remoteAddr = ''; @@ -222,31 +269,13 @@ function getAuthUser($auth) { return false; } // end getAuthUser($auth) + + function generateAuthHash($useRemoteAddr, $force=false) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { $time = time(); - $key = ZM_AUTH_HASH_SECRET; - $issuedAt = time(); - $expireAt = $issuedAt + ZM_AUTH_HASH_TTL * 3600; - $token = array( - "iss" => "ZoneMinder", - "iat" => $issuedAt, - "exp" => $expireAt, - "user" => $_SESSION['username'] - - ); - - if ($useRemoteAddr) { - $token['remote_addr'] = $_SESSION['remoteAddr']; - } - - - $jwt = JWT::encode($token, $key); - - ZM\Info ("JWT token is $jwt"); - $mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 ); if ( $force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) { From b293592e4c1655b9a5f1a79bd201a9ea33a75468 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 10:55:32 -0400 Subject: [PATCH 033/360] added token validation to zms/zmu/zmuser --- src/zm_user.cpp | 64 +++++++++++++++++++++++ src/zm_user.h | 1 + src/zms.cpp | 13 ++++- src/zmu.cpp | 12 ++++- web/api/app/Controller/HostController.php | 2 +- web/includes/auth.php | 14 ----- 6 files changed, 87 insertions(+), 19 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 8766a2e8f..c0f622b15 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -139,6 +139,70 @@ User *zmLoadUser( const char *username, const char *password ) { } +User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { + std::string key = config.auth_hash_secret; + std::string remote_addr = ""; + if (use_remote_addr) { + remote_addr = std::string(getenv( "REMOTE_ADDR" )); + if ( remote_addr == "" ) { + Warning( "Can't determine remote address, using null" ); + remote_addr = ""; + } + key += remote_addr; + } + + + Info ("Inside zmLoadTokenUser, formed key=%s", key.c_str()); + + auto decoded = jwt::decode(jwt_token_str); + + auto verifier = jwt::verify() + .allow_algorithm(jwt::algorithm::hs256{ key }) + .with_issuer("ZoneMinder"); + try { + verifier.verify(decoded); + } + catch (const Exception &e) { + Error( "Unable to verify token: %s", e.getMessage().c_str() ); + return 0; + } + // token is valid and not expired + if (decoded.has_payload_claim("user")) { + + // We only need to check if user is enabled in DB and pass on + // correct access permissions + std::string username = decoded.get_payload_claim("user").as_string(); + Info ("Got %s as user claim from token", username.c_str()); + char sql[ZM_SQL_MED_BUFSIZ] = ""; + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + " FROM Users where Username = '%s' and Enabled = 1", username.c_str() ); + + MYSQL_RES *result = mysql_store_result(&dbconn); + if ( !result ) { + Error("Can't use query result: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); + } + int n_users = mysql_num_rows(result); + + if ( n_users != 1 ) { + mysql_free_result(result); + Warning("Unable to authenticate user %s", username); + return NULL; + } + + MYSQL_ROW dbrow = mysql_fetch_row(result); + User *user = new User(dbrow); + Info ("Authenticated user '%s' via token", username.c_str()); + return user; + + } + else { + Error ("User not found in claim"); + return 0; + } +} + // Function to validate an authentication string User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) { #if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT diff --git a/src/zm_user.h b/src/zm_user.h index 00c61185b..04842b318 100644 --- a/src/zm_user.h +++ b/src/zm_user.h @@ -77,6 +77,7 @@ public: User *zmLoadUser( const char *username, const char *password=0 ); User *zmLoadAuthUser( const char *auth, bool use_remote_addr ); +User *zmLoadTokenUser( std::string jwt, bool use_remote_addr); bool checkUser ( const char *username); bool checkPass (const char *password); diff --git a/src/zms.cpp b/src/zms.cpp index 0a3712938..0d4a22f45 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -70,6 +70,7 @@ int main( int argc, const char *argv[] ) { std::string username; std::string password; char auth[64] = ""; + std::string jwt_token_str = ""; unsigned int connkey = 0; unsigned int playback_buffer = 0; @@ -158,6 +159,10 @@ int main( int argc, const char *argv[] ) { playback_buffer = atoi(value); } else if ( !strcmp( name, "auth" ) ) { strncpy( auth, value, sizeof(auth)-1 ); + } else if ( !strcmp( name, "token" ) ) { + jwt_token_str = value; + Info("ZMS: JWT token found: %s", jwt_token_str.c_str()); + } else if ( !strcmp( name, "user" ) ) { username = UriDecode( value ); } else if ( !strcmp( name, "pass" ) ) { @@ -181,11 +186,15 @@ int main( int argc, const char *argv[] ) { if ( config.opt_use_auth ) { User *user = 0; - if ( strcmp(config.auth_relay, "none") == 0 ) { + if (jwt_token_str != "") { + user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); + + } + else if ( strcmp(config.auth_relay, "none") == 0 ) { if ( checkUser(username.c_str()) ) { user = zmLoadUser(username.c_str()); } else { - Error("") + Error("Bad username"); } } else { diff --git a/src/zmu.cpp b/src/zmu.cpp index 2ad1471d5..4750e40e0 100644 --- a/src/zmu.cpp +++ b/src/zmu.cpp @@ -138,6 +138,7 @@ void Usage(int status=-1) { " -U, --username : When running in authenticated mode the username and\n" " -P, --password : password combination of the given user\n" " -A, --auth : Pass authentication hash string instead of user details\n" + " -T, --token : Pass JWT token string instead of user details\n" "", stderr ); exit(status); @@ -263,6 +264,7 @@ int main(int argc, char *argv[]) { char *username = 0; char *password = 0; char *auth = 0; + std::string jwt_token_str = ""; #if ZM_HAS_V4L #if ZM_HAS_V4L2 int v4lVersion = 2; @@ -378,6 +380,9 @@ int main(int argc, char *argv[]) { case 'A': auth = optarg; break; + case 'T': + jwt_token_str = std::string(optarg); + break; #if ZM_HAS_V4L case 'V': v4lVersion = (atoi(optarg)==1)?1:2; @@ -438,10 +443,13 @@ int main(int argc, char *argv[]) { user = zmLoadUser(username); } else { - if ( !(username && password) && !auth ) { - Error("Username and password or auth string must be supplied"); + if ( !(username && password) && !auth && (jwt_token_str=="")) { + Error("Username and password or auth/token string must be supplied"); exit_zmu(-1); } + if (jwt_token_str != "") { + user = zmLoadTokenUser(jwt_token_str, false); + } if ( auth ) { user = zmLoadAuthUser(auth, false); } diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index d2a9cb203..0a24b5e85 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -105,7 +105,7 @@ class HostController extends AppController { // print ("relay=".$zmAuthRelay." haship=".$zmAuthHashIps." remote ip=".$_SERVER['REMOTE_ADDR']); $expireAt = $issuedAt + $ttl * 3600; - $expireAt = $issuedAt + 30; // TEST REMOVE + $expireAt = $issuedAt + 60; // TEST REMOVE $token = array( "iss" => "ZoneMinder", diff --git a/web/includes/auth.php b/web/includes/auth.php index 07e4be65f..1e6f9c3a7 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -215,20 +215,6 @@ function validateToken ($token) { return array(false, "No such user/credentials"); } - - // We are NOT checking against session username for now... - /* - // at this stage, token is valid, but lets validate user with session user - ZM\Info ("JWT user is ".$jwt['user']); - if ($jwt['user'] != $_SESSION['username']) { - ZM\Error ("Unable to authenticate user. Token doesn't belong to current user"); - return false; - } else { - ZM\Info ("Token validated for user:".$_SESSION['username']); - return $user; - } - */ - } function getAuthUser($auth) { From bb18c305abe2375a700ea4bcbb2d54ed42baf7ba Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 11:08:27 -0400 Subject: [PATCH 034/360] add token to command line for zmu --- src/zmu.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/zmu.cpp b/src/zmu.cpp index 4750e40e0..07f9ae8aa 100644 --- a/src/zmu.cpp +++ b/src/zmu.cpp @@ -243,6 +243,7 @@ int main(int argc, char *argv[]) { {"username", 1, 0, 'U'}, {"password", 1, 0, 'P'}, {"auth", 1, 0, 'A'}, + {"token", 1, 0, 'T'}, {"version", 1, 0, 'V'}, {"help", 0, 0, 'h'}, {"list", 0, 0, 'l'}, @@ -275,7 +276,7 @@ int main(int argc, char *argv[]) { while (1) { int option_index = 0; - int c = getopt_long(argc, argv, "d:m:vsEDLurwei::S:t::fz::ancqhlB::C::H::O::U:P:A:V:", long_options, &option_index); + int c = getopt_long(argc, argv, "d:m:vsEDLurwei::S:t::fz::ancqhlB::C::H::O::U:P:A:V:T:", long_options, &option_index); if ( c == -1 ) { break; } From 3a67217972d73d2ddcfe5a222604cdbd04b084ff Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 11:29:34 -0400 Subject: [PATCH 035/360] move decode inside try/catch --- src/zm_user.cpp | 86 +++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 42 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index c0f622b15..907ca6536 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -150,57 +150,59 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { } key += remote_addr; } - Info ("Inside zmLoadTokenUser, formed key=%s", key.c_str()); - auto decoded = jwt::decode(jwt_token_str); - - auto verifier = jwt::verify() - .allow_algorithm(jwt::algorithm::hs256{ key }) - .with_issuer("ZoneMinder"); try { + + auto decoded = jwt::decode(jwt_token_str); + auto verifier = jwt::verify() + .allow_algorithm(jwt::algorithm::hs256{ key }) + .with_issuer("ZoneMinder"); + verifier.verify(decoded); - } + + // token is valid and not expired + if (decoded.has_payload_claim("user")) { + + // We only need to check if user is enabled in DB and pass on + // correct access permissions + std::string username = decoded.get_payload_claim("user").as_string(); + Info ("Got %s as user claim from token", username.c_str()); + char sql[ZM_SQL_MED_BUFSIZ] = ""; + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + " FROM Users where Username = '%s' and Enabled = 1", username.c_str() ); + + MYSQL_RES *result = mysql_store_result(&dbconn); + if ( !result ) { + Error("Can't use query result: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); + } + int n_users = mysql_num_rows(result); + + if ( n_users != 1 ) { + mysql_free_result(result); + Warning("Unable to authenticate user %s", username); + return NULL; + } + + MYSQL_ROW dbrow = mysql_fetch_row(result); + User *user = new User(dbrow); + Info ("Authenticated user '%s' via token", username.c_str()); + return user; + + } + else { + Error ("User not found in claim"); + return 0; + } + + } catch (const Exception &e) { Error( "Unable to verify token: %s", e.getMessage().c_str() ); return 0; } - // token is valid and not expired - if (decoded.has_payload_claim("user")) { - - // We only need to check if user is enabled in DB and pass on - // correct access permissions - std::string username = decoded.get_payload_claim("user").as_string(); - Info ("Got %s as user claim from token", username.c_str()); - char sql[ZM_SQL_MED_BUFSIZ] = ""; - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", username.c_str() ); - - MYSQL_RES *result = mysql_store_result(&dbconn); - if ( !result ) { - Error("Can't use query result: %s", mysql_error(&dbconn)); - exit(mysql_errno(&dbconn)); - } - int n_users = mysql_num_rows(result); - - if ( n_users != 1 ) { - mysql_free_result(result); - Warning("Unable to authenticate user %s", username); - return NULL; - } - - MYSQL_ROW dbrow = mysql_fetch_row(result); - User *user = new User(dbrow); - Info ("Authenticated user '%s' via token", username.c_str()); - return user; - - } - else { - Error ("User not found in claim"); - return 0; - } } // Function to validate an authentication string From 04c3bebef92f96f7d58629e037a3f90c5134280e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 11:44:15 -0400 Subject: [PATCH 036/360] exception handling for try/catch --- src/zm_user.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 907ca6536..e79332cb3 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -199,10 +199,15 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { } } - catch (const Exception &e) { - Error( "Unable to verify token: %s", e.getMessage().c_str() ); + catch (const std::exception &e) { + Error("Unable to verify token: %s", e.what()); return 0; } + catch (...) { + Error ("unknown exception"); + + } + return 0; } // Function to validate an authentication string From 3c6d0131ffd232d5349a3395387690c40e8dd03a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 12:06:37 -0400 Subject: [PATCH 037/360] fix db read, forgot to exec query --- src/zm_user.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index e79332cb3..0c8201fd2 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -172,7 +172,12 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", username.c_str() ); + " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); + + if ( mysql_query(&dbconn, sql) ) { + Error("Can't run query: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); + } MYSQL_RES *result = mysql_store_result(&dbconn); if ( !result ) { From 27e6e46f849974c363145285851732f049a8f8f9 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 12:11:32 -0400 Subject: [PATCH 038/360] remove allowing auth_hash_ip for token --- src/zms.cpp | 3 ++- web/api/app/Controller/HostController.php | 21 ++++++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/src/zms.cpp b/src/zms.cpp index 0d4a22f45..8442b6a65 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -187,7 +187,8 @@ int main( int argc, const char *argv[] ) { User *user = 0; if (jwt_token_str != "") { - user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); + //user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); + user = zmLoadTokenUser(jwt_token_str, false); } else if ( strcmp(config.auth_relay, "none") == 0 ) { diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 0a24b5e85..c867be605 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -82,23 +82,26 @@ class HostController extends AppController { $credentials = ''; $this->loadModel('Config'); - $isZmAuth = ZM_OPT_USE_AUTH; $jwt = ''; $ttl = ''; - if ( $isZmAuth ) { + if ( ZM_OPT_USE_AUTH ) { require_once __DIR__ .'/../../../includes/auth.php'; require_once __DIR__.'/../../../vendor/autoload.php'; - $zmAuthRelay = ZM_AUTH_RELAY; - $zmAuthHashIps = NULL; - if ( $zmAuthRelay == 'hashed' ) { - $zmAuthHashIps = ZM_AUTH_HASH_IPS; - } + $key = ZM_AUTH_HASH_SECRET; - if ($zmAuthHashIps) { + + /* we won't support AUTH_HASH_IPS in token mode + reasons: + a) counter-intuitive for mobile consumers + b) zmu will never be able to to validate via a token if we sign + it after appending REMOTE_ADDR + + if (ZM_AUTH_HASH_IPS) { $key = $key . $_SERVER['REMOTE_ADDR']; - } + }*/ + $issuedAt = time(); $ttl = ZM_AUTH_HASH_TTL || 2; From bc050fe330026c9b66c88babd0f3417c850311cb Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 13:38:42 -0400 Subject: [PATCH 039/360] support refresh tokens as well for increased security --- src/zm_user.cpp | 14 ++++++ web/api/app/Controller/AppController.php | 17 +++++-- web/api/app/Controller/HostController.php | 56 ++++++++++++++--------- web/includes/auth.php | 13 +++++- 4 files changed, 75 insertions(+), 25 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 0c8201fd2..eac3a4b0f 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -163,6 +163,19 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { verifier.verify(decoded); // token is valid and not expired + + if (decoded.has_payload_claim("type")) { + std::string type = decoded.get_payload_claim("type").as_string(); + if (type != "access") { + Error ("Only access tokens are allowed. Please do not use refresh tokens"); + return 0; + } + } + else { + // something is wrong. All ZM tokens have type + Error ("Missing token type. This should not happen"); + return 0; + } if (decoded.has_payload_claim("user")) { // We only need to check if user is enabled in DB and pass on @@ -195,6 +208,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); Info ("Authenticated user '%s' via token", username.c_str()); + mysql_free_result(result); return user; } diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index 840a14f58..23bd528b5 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -82,19 +82,30 @@ class AppController extends Controller { return; } } else if ( $mToken ) { - $ret = validateToken($mToken); + // if you pass a token to login, we should only allow + // refresh tokens to regenerate new access and refresh tokens + if ( !strcasecmp($this->params->action, 'login') ) { + $only_allow_token_type='refresh'; + } else { + // for any other methods, don't allow refresh tokens + // they are supposed to be infrequently used for security + // purposes + $only_allow_token_type='access'; + + } + $ret = validateToken($mToken, $only_allow_token_type); $user = $ret[0]; $retstatus = $ret[1]; if ( !$user ) { throw new UnauthorizedException(__($retstatus)); return; - } else if ( $mAuth ) { + } + } else if ( $mAuth ) { $user = getAuthUser($mAuth); if ( !$user ) { throw new UnauthorizedException(__('Invalid Auth Key')); return; } - } } // We need to reject methods that are not authenticated // besides login and logout diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index c867be605..747403dc3 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -35,15 +35,19 @@ class HostController extends AppController { $cred_depr = $this->_getCredentialsDeprecated(); $ver = $this->_getVersion(); $this->set(array( - 'token'=>$cred[0], - 'token_expires'=>$cred[1] * 3600, // takes AUTH_HASH_TTL || 2 hrs as the default + 'access_token'=>$cred[0], + 'access_token_expires'=>$cred[1], + 'refresh_token'=>$cred[2], + 'refresh_token_expires'=>$cred[3], 'credentials'=>$cred_depr[0], 'append_password'=>$cred_depr[1], 'version' => $ver[0], 'apiversion' => $ver[1], '_serialize' => array( - 'token', - 'token_expires', + 'access_token', + 'access_token_expires', + 'refresh_token', + 'refresh_token_expires', 'version', 'credentials', 'append_password', @@ -82,9 +86,6 @@ class HostController extends AppController { $credentials = ''; $this->loadModel('Config'); - $jwt = ''; - $ttl = ''; - if ( ZM_OPT_USE_AUTH ) { require_once __DIR__ .'/../../../includes/auth.php'; require_once __DIR__.'/../../../vendor/autoload.php'; @@ -102,27 +103,40 @@ class HostController extends AppController { $key = $key . $_SERVER['REMOTE_ADDR']; }*/ - $issuedAt = time(); - $ttl = ZM_AUTH_HASH_TTL || 2; + $access_issued_at = time(); + $access_ttl = (ZM_AUTH_HASH_TTL || 2) * 3600; - // print ("relay=".$zmAuthRelay." haship=".$zmAuthHashIps." remote ip=".$_SERVER['REMOTE_ADDR']); - - $expireAt = $issuedAt + $ttl * 3600; - $expireAt = $issuedAt + 60; // TEST REMOVE + // by default access token will expire in 2 hrs + // you can change it by changing the value of ZM_AUTH_HASH_TLL + $access_expire_at = $access_issued_at + $access_ttl; + $access_expire_at = $access_issued_at + 60; // TEST, REMOVE - $token = array( + $access_token = array( "iss" => "ZoneMinder", - "iat" => $issuedAt, - "exp" => $expireAt, - "user" => $_SESSION['username'] + "iat" => $access_issued_at, + "exp" => $access_expire_at, + "user" => $_SESSION['username'], + "type" => "access" ); - //use \Firebase\JWT\JWT; - $jwt = \Firebase\JWT\JWT::encode($token, $key, 'HS256'); + $jwt_access_token = \Firebase\JWT\JWT::encode($access_token, $key, 'HS256'); + + $refresh_issued_at = time(); + $refresh_ttl = 24 * 3600; // 1 day + + $refresh_expire_at = $refresh_issued_at + $refresh_ttl; + $refresh_token = array( + "iss" => "ZoneMinder", + "iat" => $refresh_issued_at, + "exp" => $refresh_expire_at, + "user" => $_SESSION['username'], + "type" => "refresh" + ); + $jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256'); } - return array($jwt, $ttl); - } // end function _getCredentials + return array($jwt_access_token, $access_ttl, $jwt_refresh_token, $refresh_ttl); + } // If $mid is set, only return disk usage for that monitor // Else, return an array of total disk usage, and per-monitor diff --git a/web/includes/auth.php b/web/includes/auth.php index 1e6f9c3a7..03e0fe0c6 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -185,7 +185,8 @@ function userLogout() { } -function validateToken ($token) { +function validateToken ($token, $allowed_token_type='access') { + global $user; $key = ZM_AUTH_HASH_SECRET; if (ZM_AUTH_HASH_IPS) $key .= $_SERVER['REMOTE_ADDR']; @@ -199,6 +200,16 @@ function validateToken ($token) { // convert from stdclass to array $jwt_payload = json_decode(json_encode($decoded_token), true); + + $type = $jwt_payload['type']; + if ($type != $allowed_token_type) { + if ($allowed_token_type == 'access') { + // give a hint that the user is not doing it right + ZM\Error ('Please do not use refresh tokens for this operation'); + } + return array (false, "Incorrect token type"); + } + $username = $jwt_payload['user']; $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; $sql_values = array($username); From f9730bb46b1a5ee3a31d849b3c057335aafbe58f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 14:07:48 -0400 Subject: [PATCH 040/360] remove auth_hash_ip --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 03e0fe0c6..c446d0024 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -189,7 +189,7 @@ function validateToken ($token, $allowed_token_type='access') { global $user; $key = ZM_AUTH_HASH_SECRET; - if (ZM_AUTH_HASH_IPS) $key .= $_SERVER['REMOTE_ADDR']; + //if (ZM_AUTH_HASH_IPS) $key .= $_SERVER['REMOTE_ADDR']; try { $decoded_token = JWT::decode($token, $key, array('HS256')); } catch (Exception $e) { From 0bc96dfe83b0ef0f51d97d0b44236a11caf8a2ec Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 14:26:16 -0400 Subject: [PATCH 041/360] Error out if used did not create an AUTH_HASH_SECRET --- web/api/app/Controller/HostController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 747403dc3..91e0093a1 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -90,8 +90,10 @@ class HostController extends AppController { require_once __DIR__ .'/../../../includes/auth.php'; require_once __DIR__.'/../../../vendor/autoload.php'; - $key = ZM_AUTH_HASH_SECRET; + if (!$key) { + throw new ForbiddenException(__('Please create a valid AUTH_HASH_SECRET in ZoneMinder')); + } /* we won't support AUTH_HASH_IPS in token mode reasons: From c41a2d067cb641f217efb2e22ae225998eddf8ba Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 14:29:44 -0400 Subject: [PATCH 042/360] fixed type conversion --- src/zm_user.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index eac3a4b0f..06ec3f76a 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -201,7 +201,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if ( n_users != 1 ) { mysql_free_result(result); - Warning("Unable to authenticate user %s", username); + Warning("Unable to authenticate user %s", username.c_str()); return NULL; } From 1770ebea23594d95ad31abfd9396466c6ae7fc25 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 15:26:51 -0400 Subject: [PATCH 043/360] make sure refresh token login doesn't generate another refresh token --- web/api/app/Controller/HostController.php | 100 +++++++++++++++------- 1 file changed, 67 insertions(+), 33 deletions(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 91e0093a1..55fedd281 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -31,28 +31,57 @@ class HostController extends AppController { } function login() { - $cred = $this->_getCredentials(); $cred_depr = $this->_getCredentialsDeprecated(); $ver = $this->_getVersion(); - $this->set(array( - 'access_token'=>$cred[0], - 'access_token_expires'=>$cred[1], - 'refresh_token'=>$cred[2], - 'refresh_token_expires'=>$cred[3], - 'credentials'=>$cred_depr[0], - 'append_password'=>$cred_depr[1], - 'version' => $ver[0], - 'apiversion' => $ver[1], - '_serialize' => array( - 'access_token', - 'access_token_expires', - 'refresh_token', - 'refresh_token_expires', - 'version', - 'credentials', - 'append_password', - 'apiversion' - ))); + + $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user'); + $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); + $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); + + if ($mUser && $mPassword) { + $cred = $this->_getCredentials(true); + // if you authenticated via user/pass then generate new refresh + $this->set(array( + 'access_token'=>$cred[0], + 'access_token_expires'=>$cred[1], + 'refresh_token'=>$cred[2], + 'refresh_token_expires'=>$cred[3], + 'credentials'=>$cred_depr[0], + 'append_password'=>$cred_depr[1], + 'version' => $ver[0], + 'apiversion' => $ver[1], + '_serialize' => array( + 'access_token', + 'access_token_expires', + 'refresh_token', + 'refresh_token_expires', + 'version', + 'credentials', + 'append_password', + 'apiversion' + ))); + } + else { + $cred = $this->_getCredentials(false); + $this->set(array( + 'access_token'=>$cred[0], + 'access_token_expires'=>$cred[1], + 'credentials'=>$cred_depr[0], + 'append_password'=>$cred_depr[1], + 'version' => $ver[0], + 'apiversion' => $ver[1], + '_serialize' => array( + 'access_token', + 'access_token_expires', + 'version', + 'credentials', + 'append_password', + 'apiversion' + ))); + + } + + } // end function login() // clears out session @@ -82,7 +111,7 @@ class HostController extends AppController { } } - private function _getCredentials() { + private function _getCredentials($generate_refresh_token=false) { $credentials = ''; $this->loadModel('Config'); @@ -123,19 +152,24 @@ class HostController extends AppController { $jwt_access_token = \Firebase\JWT\JWT::encode($access_token, $key, 'HS256'); - $refresh_issued_at = time(); - $refresh_ttl = 24 * 3600; // 1 day - - $refresh_expire_at = $refresh_issued_at + $refresh_ttl; - $refresh_token = array( - "iss" => "ZoneMinder", - "iat" => $refresh_issued_at, - "exp" => $refresh_expire_at, - "user" => $_SESSION['username'], - "type" => "refresh" - ); - $jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256'); + $jwt_refresh_token = ""; + $refresh_ttl = 0; + if ($generate_refresh_token) { + $refresh_issued_at = time(); + $refresh_ttl = 24 * 3600; // 1 day + + $refresh_expire_at = $refresh_issued_at + $refresh_ttl; + $refresh_token = array( + "iss" => "ZoneMinder", + "iat" => $refresh_issued_at, + "exp" => $refresh_expire_at, + "user" => $_SESSION['username'], + "type" => "refresh" + ); + $jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256'); + } + } return array($jwt_access_token, $access_ttl, $jwt_refresh_token, $refresh_ttl); } From 2212244882ef6dca0acf51f0149fcaf6fd251857 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 15:47:38 -0400 Subject: [PATCH 044/360] fix absolute path --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index efdb5224d..3ea9d9647 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -10,7 +10,7 @@ set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_conf # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES}) -link_directories(/home/pp/source/pp_ZoneMinder.git/third_party/bcrypt) +link_directories(../third_party/bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) From 4ab0c35962926e7149eccdc6bc415b048d5ef223 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 16:45:28 -0400 Subject: [PATCH 045/360] move JWT/Bcrypt inside zm_crypt --- src/zm_crypt.cpp | 56 ++++++++++++++++++++++------ src/zm_crypt.h | 5 +-- src/zm_user.cpp | 95 +++++++++++++++--------------------------------- 3 files changed, 76 insertions(+), 80 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 6c6f4c7c1..3a3f66aeb 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -1,25 +1,59 @@ #include "zm.h" # include "zm_crypt.h" +#include "BCrypt.hpp" +#include "jwt.h" #include +// returns username if valid, "" if not +std::string verifyToken(std::string jwt_token_str, std::string key) { + std::string username = ""; + try { + // is it decodable? + auto decoded = jwt::decode(jwt_token_str); + auto verifier = jwt::verify() + .allow_algorithm(jwt::algorithm::hs256{ key }) + .with_issuer("ZoneMinder"); + + // signature verified? + verifier.verify(decoded); + // make sure it has fields we need + if (decoded.has_payload_claim("type")) { + std::string type = decoded.get_payload_claim("type").as_string(); + if (type != "access") { + Error ("Only access tokens are allowed. Please do not use refresh tokens"); + return ""; + } + } + else { + // something is wrong. All ZM tokens have type + Error ("Missing token type. This should not happen"); + return ""; + } + if (decoded.has_payload_claim("user")) { + username = decoded.get_payload_claim("user").as_string(); + Info ("Got %s as user claim from token", username.c_str()); + } + else { + Error ("User not found in claim"); + return ""; + } + } // try + catch (const std::exception &e) { + Error("Unable to verify token: %s", e.what()); + return ""; + } + catch (...) { + Error ("unknown exception"); + return ""; - -std::string createToken() { - std::string token = jwt::create() - .set_issuer("auth0") - //.set_expires_at(jwt::date(expiresAt)) - //.set_issued_at(jwt::date(tp)) - //.set_issued_at(jwt::date(std::chrono::system_clock::now())) - //.set_expires_at(jwt::date(std::chrono::system_clock::now()+std::chrono::seconds{EXPIRY})) - .sign(jwt::algorithm::hs256{"secret"}); - return token; + } + return username; } bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { bool password_correct = false; - Info ("JWT created as %s",createToken().c_str()); if (strlen(db_password_hash ) < 4) { // actually, shoud be more, but this is min. for next code Error ("DB Password is too short or invalid to check"); diff --git a/src/zm_crypt.h b/src/zm_crypt.h index a1e8945e4..8fb50cf00 100644 --- a/src/zm_crypt.h +++ b/src/zm_crypt.h @@ -23,10 +23,9 @@ #include #include -#include "BCrypt.hpp" -#include "jwt.h" + bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); -std::string createToken(); +std::string verifyToken(std::string token, std::string key); #endif // ZM_CRYPT_H \ No newline at end of file diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 06ec3f76a..7ac934d2a 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -142,6 +142,7 @@ User *zmLoadUser( const char *username, const char *password ) { User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { std::string key = config.auth_hash_secret; std::string remote_addr = ""; + if (use_remote_addr) { remote_addr = std::string(getenv( "REMOTE_ADDR" )); if ( remote_addr == "" ) { @@ -153,82 +154,44 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { Info ("Inside zmLoadTokenUser, formed key=%s", key.c_str()); - try { + std::string username = verifyToken(jwt_token_str, key); + if (username != "") { + char sql[ZM_SQL_MED_BUFSIZ] = ""; + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); - auto decoded = jwt::decode(jwt_token_str); - auto verifier = jwt::verify() - .allow_algorithm(jwt::algorithm::hs256{ key }) - .with_issuer("ZoneMinder"); - - verifier.verify(decoded); - - // token is valid and not expired - - if (decoded.has_payload_claim("type")) { - std::string type = decoded.get_payload_claim("type").as_string(); - if (type != "access") { - Error ("Only access tokens are allowed. Please do not use refresh tokens"); - return 0; - } + if ( mysql_query(&dbconn, sql) ) { + Error("Can't run query: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); } - else { - // something is wrong. All ZM tokens have type - Error ("Missing token type. This should not happen"); - return 0; + + MYSQL_RES *result = mysql_store_result(&dbconn); + if ( !result ) { + Error("Can't use query result: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); } - if (decoded.has_payload_claim("user")) { + int n_users = mysql_num_rows(result); - // We only need to check if user is enabled in DB and pass on - // correct access permissions - std::string username = decoded.get_payload_claim("user").as_string(); - Info ("Got %s as user claim from token", username.c_str()); - char sql[ZM_SQL_MED_BUFSIZ] = ""; - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); - - if ( mysql_query(&dbconn, sql) ) { - Error("Can't run query: %s", mysql_error(&dbconn)); - exit(mysql_errno(&dbconn)); - } - - MYSQL_RES *result = mysql_store_result(&dbconn); - if ( !result ) { - Error("Can't use query result: %s", mysql_error(&dbconn)); - exit(mysql_errno(&dbconn)); - } - int n_users = mysql_num_rows(result); - - if ( n_users != 1 ) { - mysql_free_result(result); - Warning("Unable to authenticate user %s", username.c_str()); - return NULL; - } - - MYSQL_ROW dbrow = mysql_fetch_row(result); - User *user = new User(dbrow); - Info ("Authenticated user '%s' via token", username.c_str()); + if ( n_users != 1 ) { mysql_free_result(result); - return user; - - } - else { - Error ("User not found in claim"); - return 0; + Warning("Unable to authenticate user %s", username.c_str()); + return NULL; } - } - catch (const std::exception &e) { - Error("Unable to verify token: %s", e.what()); - return 0; - } - catch (...) { - Error ("unknown exception"); + MYSQL_ROW dbrow = mysql_fetch_row(result); + User *user = new User(dbrow); + Info ("Authenticated user '%s' via token", username.c_str()); + mysql_free_result(result); + return user; } - return 0; + else { + return NULL; + } + } - + // Function to validate an authentication string User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) { #if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT From 0bb5ff934e7e5c96884368510ce15ac71f038cb0 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 19:17:31 -0400 Subject: [PATCH 046/360] move sha headers out --- src/zm_crypt.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 3a3f66aeb..6d9af1460 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -3,6 +3,7 @@ #include "BCrypt.hpp" #include "jwt.h" #include +#include // returns username if valid, "" if not From 8461852e2777cec3fe494b89c60dd3bf41870bd9 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 8 May 2019 19:32:58 -0400 Subject: [PATCH 047/360] move out sha header --- src/zm_crypt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_crypt.h b/src/zm_crypt.h index 8fb50cf00..fd3bd7e85 100644 --- a/src/zm_crypt.h +++ b/src/zm_crypt.h @@ -22,7 +22,7 @@ #include -#include + bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); From 95b448abdde69f1513347ef39eb604a133910c87 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 10 May 2019 11:25:55 -0400 Subject: [PATCH 048/360] handle case when supplied password is hashed, fix wrong params in AppController --- web/api/app/Controller/AppController.php | 3 ++- web/includes/auth.php | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index 23bd528b5..1264dc25c 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -76,7 +76,8 @@ class AppController extends Controller { $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); if ( $mUser and $mPassword ) { - $user = userLogin($mUser, $mPassword, true); + // log (user, pass, nothashed, api based login so skip recaptcha) + $user = userLogin($mUser, $mPassword, false, true); if ( !$user ) { throw new UnauthorizedException(__('User not found or incorrect password')); return; diff --git a/web/includes/auth.php b/web/includes/auth.php index c446d0024..6a076ec5d 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -126,7 +126,7 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin ZM\Logger::Debug ('bcrypt signature found, assumed bcrypt password'); $password_type='bcrypt'; - $password_correct = password_verify($password, $saved_password); + $password_correct = $passwordHashed? ($password == $saved_password) : password_verify($password, $saved_password); } else { // we really should nag the user not to use plain @@ -346,6 +346,7 @@ if ( ZM_OPT_USE_AUTH ) { $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) { + if ( $authUser = getAuthUser($_REQUEST['auth']) ) { userLogin($authUser['Username'], $authUser['Password'], true); } From e6b7af4583647f4a392dee8279acba4b6dcbcd82 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 10 May 2019 15:11:35 -0400 Subject: [PATCH 049/360] initial baby step for api tab --- scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in | 2 +- web/lang/en_gb.php | 1 + web/skins/classic/views/options.php | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index c6ec697f1..0e52cbe0c 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -394,7 +394,7 @@ our @options = ( if you are exposing your ZM instance on the Internet. `, type => $types{boolean}, - category => 'system', + category => 'API', }, { name => 'ZM_OPT_USE_EVENTNOTIFICATION', diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 945d26bea..09f3c09a9 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -104,6 +104,7 @@ $SLANG = array( 'All' => 'All', 'AnalysisFPS' => 'Analysis FPS', 'AnalysisUpdateDelay' => 'Analysis Update Delay', + 'API' => 'API', 'Apply' => 'Apply', 'ApplyingStateChange' => 'Applying State Change', 'ArchArchived' => 'Archived Only', diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index f7440d92e..561964a85 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -29,6 +29,7 @@ $tabs = array(); $tabs['skins'] = translate('Display'); $tabs['system'] = translate('System'); $tabs['config'] = translate('Config'); +$tabs['config'] = translate('API'); $tabs['servers'] = translate('Servers'); $tabs['storage'] = translate('Storage'); $tabs['web'] = translate('Web'); From ae14be916c5a282ce23f8f67f81aa559382e86c2 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 13:39:40 -0400 Subject: [PATCH 050/360] initial plumbing to introduce token expiry and API bans per user --- db/zm_create.sql.in | 4 +++- src/zm_crypt.cpp | 23 ++++++++++++++------ src/zm_crypt.h | 2 +- src/zm_user.cpp | 16 ++++++++++++-- version | 2 +- web/includes/auth.php | 24 +++++++++++++++++++++ web/lang/en_gb.php | 1 + web/skins/classic/views/options.php | 33 +++++++++++++++++++++++++++-- 8 files changed, 91 insertions(+), 14 deletions(-) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index 787854091..e0af53f1f 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -245,7 +245,7 @@ DROP TABLE IF EXISTS `Events_Week`; CREATE TABLE `Events_Week` ( `EventId` BIGINT unsigned NOT NULL, `MonitorId` int(10) unsigned NOT NULL, - `StartTime` datetime default NULL, + `StartTime` datetime default NULL,M `DiskSpace` bigint default NULL, PRIMARY KEY (`EventId`), KEY `Events_Week_MonitorId_idx` (`MonitorId`), @@ -640,6 +640,8 @@ CREATE TABLE `Users` ( `System` enum('None','View','Edit') NOT NULL default 'None', `MaxBandwidth` varchar(16), `MonitorIds` text, + `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0, + `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1, PRIMARY KEY (`Id`), UNIQUE KEY `UC_Username` (`Username`) ) ENGINE=@ZM_MYSQL_ENGINE@; diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 6d9af1460..845582137 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -7,8 +7,9 @@ // returns username if valid, "" if not -std::string verifyToken(std::string jwt_token_str, std::string key) { +std::pair verifyToken(std::string jwt_token_str, std::string key) { std::string username = ""; + int token_issued_at = 0; try { // is it decodable? auto decoded = jwt::decode(jwt_token_str); @@ -24,13 +25,13 @@ std::string verifyToken(std::string jwt_token_str, std::string key) { std::string type = decoded.get_payload_claim("type").as_string(); if (type != "access") { Error ("Only access tokens are allowed. Please do not use refresh tokens"); - return ""; + return std::make_pair("",0); } } else { // something is wrong. All ZM tokens have type Error ("Missing token type. This should not happen"); - return ""; + return std::make_pair("",0); } if (decoded.has_payload_claim("user")) { username = decoded.get_payload_claim("user").as_string(); @@ -38,19 +39,27 @@ std::string verifyToken(std::string jwt_token_str, std::string key) { } else { Error ("User not found in claim"); - return ""; + return std::make_pair("",0); + } + + if (decoded.has_payload_claim("iat")) { + token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); + } + else { + Error ("IAT not found in claim. This should not happen"); + return std::make_pair("",0); } } // try catch (const std::exception &e) { Error("Unable to verify token: %s", e.what()); - return ""; + return std::make_pair("",0); } catch (...) { Error ("unknown exception"); - return ""; + return std::make_pair("",0); } - return username; + return std::make_pair(username,token_issued_at); } bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { diff --git a/src/zm_crypt.h b/src/zm_crypt.h index fd3bd7e85..340abc36c 100644 --- a/src/zm_crypt.h +++ b/src/zm_crypt.h @@ -27,5 +27,5 @@ bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); -std::string verifyToken(std::string token, std::string key); +std::pair verifyToken(std::string token, std::string key); #endif // ZM_CRYPT_H \ No newline at end of file diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 7ac934d2a..b8009c221 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -154,7 +154,10 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { Info ("Inside zmLoadTokenUser, formed key=%s", key.c_str()); - std::string username = verifyToken(jwt_token_str, key); + std::pair ans = verifyToken(jwt_token_str, key); + std::string username = ans.first; + unsigned int iat = ans.second; + if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), @@ -175,12 +178,21 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if ( n_users != 1 ) { mysql_free_result(result); - Warning("Unable to authenticate user %s", username.c_str()); + Error("Unable to authenticate user %s", username.c_str()); return NULL; } MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); + unsigned int stored_iat = strtoul(dbrow[14], NULL,0 ); + + if (stored_iat > iat ) { // admin revoked tokens + mysql_free_result(result); + Error("Token was revoked for %s", username.c_str()); + return NULL; + } + + Info ("Got stored expiry time of %u",stored_iat); Info ("Authenticated user '%s' via token", username.c_str()); mysql_free_result(result); return user; diff --git a/version b/version index 692c2e30d..c64ec5337 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.8 +1.33.9 diff --git a/web/includes/auth.php b/web/includes/auth.php index 6a076ec5d..559b478ce 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -109,6 +109,19 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin $password_type = NULL; if ($saved_user_details) { + + // if the API layer asked us to login, make sure the user + // has API enabled (admin may have banned API for this user) + + if ($apiLogin) { + if ($saved_user_details['APIEnabled'] != 1) { + ZM\Error ("API disabled for: $username"); + $_SESSION['loginFailed'] = true; + unset($user); + return false; + } + } + $saved_password = $saved_user_details['Password']; if ($saved_password[0] == '*') { // We assume we don't need to support mysql < 4.1 @@ -217,6 +230,17 @@ function validateToken ($token, $allowed_token_type='access') { $saved_user_details = dbFetchOne ($sql, NULL, $sql_values); if ($saved_user_details) { + + $issuedAt = $jwt_payload['iat']; + $minIssuedAt = $saved_user_details['TokenMinExpiry']; + + if ($issuedAt < $minIssuedAt) { + ZM\Error ("Token revoked for $username. Please generate a new token"); + $_SESSION['loginFailed'] = true; + unset($user); + return array(false, "Token revoked. Please re-generate"); + } + $user = $saved_user_details; return array($user, "OK"); } else { diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 09f3c09a9..e81f7fe6f 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -421,6 +421,7 @@ $SLANG = array( 'Images' => 'Images', 'Include' => 'Include', 'In' => 'In', + 'InvalidateTokens' => 'Invalidate all generated tokens', 'Inverted' => 'Inverted', 'Iris' => 'Iris', 'KeyString' => 'Key String', diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 561964a85..90d9a5b02 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -29,7 +29,7 @@ $tabs = array(); $tabs['skins'] = translate('Display'); $tabs['system'] = translate('System'); $tabs['config'] = translate('Config'); -$tabs['config'] = translate('API'); +$tabs['API'] = translate('API'); $tabs['servers'] = translate('Servers'); $tabs['storage'] = translate('Storage'); $tabs['web'] = translate('Web'); @@ -134,7 +134,8 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI -
@@ -424,6 +425,32 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI + + + + HELLO BABY! + + >
+
+ + + + + +
@@ -432,6 +459,8 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI } ?> + + From 91b6d0103cd032c1721f2d24b66a1f4e8d661ed1 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 13:41:19 -0400 Subject: [PATCH 051/360] remove M typo --- db/zm_create.sql.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index e0af53f1f..653e95cc6 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -245,7 +245,7 @@ DROP TABLE IF EXISTS `Events_Week`; CREATE TABLE `Events_Week` ( `EventId` BIGINT unsigned NOT NULL, `MonitorId` int(10) unsigned NOT NULL, - `StartTime` datetime default NULL,M + `StartTime` datetime default NULL, `DiskSpace` bigint default NULL, PRIMARY KEY (`EventId`), KEY `Events_Week_MonitorId_idx` (`MonitorId`), From 2ee466f5e445944c8934e760081c79ca6f29de43 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 14:08:49 -0400 Subject: [PATCH 052/360] display user table in api --- web/skins/classic/views/options.php | 48 ++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 90d9a5b02..3c0bd809e 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -430,25 +430,57 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI if ($tab == 'API') { ?> - HELLO BABY! +
- >
+ >

+
+ + + + + + + + + + + + + + + + + + + + + + + +
+
From 88d50ec9cac7f18fdd9f4affcaf7be5e779d5c72 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 15:47:57 -0400 Subject: [PATCH 053/360] added revoke all tokens code, removed test code --- web/api/app/Controller/HostController.php | 2 +- web/skins/classic/views/options.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 55fedd281..7b8c7c0ff 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -140,7 +140,7 @@ class HostController extends AppController { // by default access token will expire in 2 hrs // you can change it by changing the value of ZM_AUTH_HASH_TLL $access_expire_at = $access_issued_at + $access_ttl; - $access_expire_at = $access_issued_at + 60; // TEST, REMOVE + //$access_expire_at = $access_issued_at + 60; // TEST, REMOVE $access_token = array( "iss" => "ZoneMinder", diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 3c0bd809e..e9245f10e 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -439,6 +439,8 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI Date: Sat, 11 May 2019 15:58:07 -0400 Subject: [PATCH 054/360] use strtoul for conversion --- src/zm_crypt.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 845582137..fe0b2b418 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -43,7 +43,11 @@ std::pair verifyToken(std::string jwt_token_str, std } if (decoded.has_payload_claim("iat")) { - token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); + + + std::string iat_str = decoded.get_payload_claim("iat").as_string(); + Info ("Got IAT token=%s", iat_str); + token_issued_at = strtoul(iat_str, NULL,0 ); } else { Error ("IAT not found in claim. This should not happen"); From 053e57af62c79953f6a0c0f913a529d6fc54d088 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 16:01:05 -0400 Subject: [PATCH 055/360] use strtoul for conversion --- src/zm_crypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index fe0b2b418..5ef2433d4 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -47,7 +47,7 @@ std::pair verifyToken(std::string jwt_token_str, std std::string iat_str = decoded.get_payload_claim("iat").as_string(); Info ("Got IAT token=%s", iat_str); - token_issued_at = strtoul(iat_str, NULL,0 ); + token_issued_at = strtoul(iat_str.c_str(), NULL,0 ); } else { Error ("IAT not found in claim. This should not happen"); From 3e66be27a80215ca72a00945ac01644cdc1f99e5 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 11 May 2019 16:09:42 -0400 Subject: [PATCH 056/360] use strtoul for conversion --- src/zm_crypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 5ef2433d4..72fba3294 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -46,7 +46,7 @@ std::pair verifyToken(std::string jwt_token_str, std std::string iat_str = decoded.get_payload_claim("iat").as_string(); - Info ("Got IAT token=%s", iat_str); + Info ("Got IAT token=%s", iat_str.c_str()); token_issued_at = strtoul(iat_str.c_str(), NULL,0 ); } else { From 6ab31dfe4b8b42a84bf4ecdcf8b100fa24002436 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 05:03:16 -0400 Subject: [PATCH 057/360] more fixes --- src/zm_crypt.cpp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 72fba3294..e9877ffd3 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -9,7 +9,7 @@ // returns username if valid, "" if not std::pair verifyToken(std::string jwt_token_str, std::string key) { std::string username = ""; - int token_issued_at = 0; + unsigned int token_issued_at = 0; try { // is it decodable? auto decoded = jwt::decode(jwt_token_str); @@ -43,11 +43,9 @@ std::pair verifyToken(std::string jwt_token_str, std } if (decoded.has_payload_claim("iat")) { - - - std::string iat_str = decoded.get_payload_claim("iat").as_string(); - Info ("Got IAT token=%s", iat_str.c_str()); - token_issued_at = strtoul(iat_str.c_str(), NULL,0 ); + token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); + Info ("Got IAT token=%u", iat); + } else { Error ("IAT not found in claim. This should not happen"); From 1f22c38453ff6d0c1c12a08fedbc72ea9d27a733 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 05:10:20 -0400 Subject: [PATCH 058/360] more fixes --- src/zm_crypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index e9877ffd3..c37ab25bc 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -44,7 +44,7 @@ std::pair verifyToken(std::string jwt_token_str, std if (decoded.has_payload_claim("iat")) { token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); - Info ("Got IAT token=%u", iat); + Info ("Got IAT token=%u", token_issued_at); } else { From 225893fcd63e27f6e4246dae079937176f0b931a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 05:50:19 -0400 Subject: [PATCH 059/360] add mintokenexpiry to DB seek --- src/zm_user.cpp | 5 +++-- web/api/app/Controller/AppController.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index b8009c221..f37233553 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -161,7 +161,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), - "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, MinTokenExpiry" " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); if ( mysql_query(&dbconn, sql) ) { @@ -184,7 +184,8 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); - unsigned int stored_iat = strtoul(dbrow[14], NULL,0 ); + Info ("DB 9=%s", dbrow[9]); + unsigned int stored_iat = strtoul(dbrow[9], NULL,0 ); if (stored_iat > iat ) { // admin revoked tokens mysql_free_result(result); diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index 1264dc25c..65585ff61 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -79,7 +79,7 @@ class AppController extends Controller { // log (user, pass, nothashed, api based login so skip recaptcha) $user = userLogin($mUser, $mPassword, false, true); if ( !$user ) { - throw new UnauthorizedException(__('User not found or incorrect password')); + throw new UnauthorizedException(__('Incorrect credentials or API disabled')); return; } } else if ( $mToken ) { From 849995876794cc13bd2cfa37d9b52d30d29c22f9 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 05:57:17 -0400 Subject: [PATCH 060/360] typo --- src/zm_user.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index f37233553..84536c16e 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -161,7 +161,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), - "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, MinTokenExpiry" + "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); if ( mysql_query(&dbconn, sql) ) { From a9d601e5aecaebeda97a30f21f86cb4798294502 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 10:56:17 -0400 Subject: [PATCH 061/360] add ability to revoke tokens and enable/disable APIs per user --- web/includes/actions/options.php | 1 + web/lang/en_gb.php | 1 + web/skins/classic/views/options.php | 115 ++++++++++++++++------------ 3 files changed, 68 insertions(+), 49 deletions(-) diff --git a/web/includes/actions/options.php b/web/includes/actions/options.php index 0c80bacf0..2f98b4a95 100644 --- a/web/includes/actions/options.php +++ b/web/includes/actions/options.php @@ -75,6 +75,7 @@ if ( $action == 'delete' ) { case 'config' : $restartWarning = true; break; + case 'API': case 'web' : case 'tools' : break; diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index e81f7fe6f..b5fa70168 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -660,6 +660,7 @@ $SLANG = array( 'RestrictedMonitors' => 'Restricted Monitors', 'ReturnDelay' => 'Return Delay', 'ReturnLocation' => 'Return Location', + 'RevokeAllTokens' => 'Revoke All Tokens' 'Rewind' => 'Rewind', 'RotateLeft' => 'Rotate Left', 'RotateRight' => 'Rotate Right', diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index e9245f10e..c4a630ade 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -430,60 +430,77 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI if ($tab == 'API') { ?> - -
- >

-
- - - - -
- - - - - - - - - - - - - - - - - - - - - - + + +
+ + "; + dbQuery('UPDATE Users SET TokenMinExpiry=? WHERE Id=?', array($minTime, $markUid)); + } + foreach( $_REQUEST["apiUids"] as $markUid ) { + dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); + // echo "UPDATE Users SET APIEnabled=1"." WHERE Id=".$markUid."
"; + } + echo "Updated."; + } + + if(array_key_exists('revokeAllTokens',$_POST)){ + revokeAllTokens(); + } + + if(array_key_exists('updateSelected',$_POST)){ + updateSelected(); + } + ?> + + +

+ + + +
+ + + + + + + + + + + + + + +
/>
+
From c1891e35b9c23eb5b73480af36c180dd1609ed5c Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 12:15:08 -0400 Subject: [PATCH 062/360] moved API enable back to system --- .../lib/ZoneMinder/ConfigData.pm.in | 2 +- web/skins/classic/views/options.php | 160 +++++++++--------- 2 files changed, 83 insertions(+), 79 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index 0e52cbe0c..c6ec697f1 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -394,7 +394,7 @@ our @options = ( if you are exposing your ZM instance on the Internet. `, type => $types{boolean}, - category => 'API', + category => 'system', }, { name => 'ZM_OPT_USE_EVENTNOTIFICATION', diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index c4a630ade..18b608155 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -311,8 +311,88 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
-APIs are disabled. To enable, please turn on OPT_USE_API in Options->System
"; + } + else { + ?> + +
+
+ + "; + dbQuery('UPDATE Users SET TokenMinExpiry=? WHERE Id=?', array($minTime, $markUid)); + } + foreach( $_REQUEST["apiUids"] as $markUid ) { + dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); + // echo "UPDATE Users SET APIEnabled=1"." WHERE Id=".$markUid."
"; + } + echo "Updated."; + } + + if(array_key_exists('revokeAllTokens',$_POST)){ + revokeAllTokens(); + } + + if(array_key_exists('updateSelected',$_POST)){ + updateSelected(); + } + ?> + + +

+ + + + + + + + + + + + + + + + + + + + +
/>
+
+ + + - - - - -
-
- - "; - dbQuery('UPDATE Users SET TokenMinExpiry=? WHERE Id=?', array($minTime, $markUid)); - } - foreach( $_REQUEST["apiUids"] as $markUid ) { - dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); - // echo "UPDATE Users SET APIEnabled=1"." WHERE Id=".$markUid."
"; - } - echo "Updated."; - } - - if(array_key_exists('revokeAllTokens',$_POST)){ - revokeAllTokens(); - } - - if(array_key_exists('updateSelected',$_POST)){ - updateSelected(); - } - ?> - - -

- - - - - - - - - - - - - - - - - - - - -
/>
-
- - -
From 9998c2610112470bfddd9214631442c73f89ab6f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 12:21:49 -0400 Subject: [PATCH 063/360] comma --- web/lang/en_gb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index b5fa70168..e0ee8f39f 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -660,7 +660,7 @@ $SLANG = array( 'RestrictedMonitors' => 'Restricted Monitors', 'ReturnDelay' => 'Return Delay', 'ReturnLocation' => 'Return Location', - 'RevokeAllTokens' => 'Revoke All Tokens' + 'RevokeAllTokens' => 'Revoke All Tokens', 'Rewind' => 'Rewind', 'RotateLeft' => 'Rotate Left', 'RotateRight' => 'Rotate Right', From 91dd6630b59f962f6062402b191c165c5e2c6029 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 12:34:55 -0400 Subject: [PATCH 064/360] enable API options only if API enabled --- web/skins/classic/views/options.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 18b608155..465da0a02 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -316,7 +316,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI } else if ($tab == 'API') { $apiEnabled = dbFetchOne("SELECT Value FROM Config WHERE Name='ZM_OPT_USE_API'"); - if (!$apiEnabled) { + if ($apiEnabled['Value']!='1') { echo "
APIs are disabled. To enable, please turn on OPT_USE_API in Options->System
"; } else { From d7dbaf52d410bb76bbdfb6a07e701ef9cab7db4d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 13:01:29 -0400 Subject: [PATCH 065/360] move user creation to bcrypt --- web/includes/actions/user.php | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index af569627f..bacf68698 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -28,8 +28,18 @@ if ( $action == 'user' ) { $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); - if ( $_REQUEST['newUser']['Password'] ) - $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')'; + if (function_exists ('password_hash')) { + $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; + } else { + $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; + ZM\Info ('Cannot use bcrypt as you are using PHP < 5.5'); + } + + if ( $_REQUEST['newUser']['Password'] ) { + $changes['Password'] = 'Password = '.$pass_hash; + ZM\Info ("PASS CMD=".$changes['Password']); + } + else unset($changes['Password']); @@ -53,8 +63,19 @@ if ( $action == 'user' ) { $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); - if ( !empty($_REQUEST['newUser']['Password']) ) - $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')'; + if (function_exists ('password_hash')) { + $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; + } else { + $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; + ZM\Info ('Cannot use bcrypt as you are using PHP < 5.5'); + } + + + if ( !empty($_REQUEST['newUser']['Password']) ) { + ZM\Info ("PASS CMD=".$changes['Password']); + $changes['Password'] = 'Password = '.$pass_hash; + } + else unset($changes['Password']); if ( count($changes) ) { From adb01c4d0e33fa17715371c390f276a3af5c3bc7 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 13:57:25 -0400 Subject: [PATCH 066/360] added password_compat for PHP >=5.3 <5.5 --- web/composer.json | 3 +- web/composer.lock | 46 ++- web/includes/actions/user.php | 2 +- web/includes/auth.php | 6 +- web/skins/classic/views/options.php | 4 +- web/vendor/composer/ClassLoader.php | 4 +- web/vendor/composer/LICENSE | 69 +++- web/vendor/composer/autoload_files.php | 10 + web/vendor/composer/autoload_real.php | 18 + web/vendor/composer/autoload_static.php | 4 + web/vendor/composer/installed.json | 44 +++ .../ircmaxell/password-compat/LICENSE.md | 7 + .../ircmaxell/password-compat/composer.json | 20 ++ .../password-compat/lib/password.php | 314 ++++++++++++++++++ .../password-compat/version-test.php | 6 + 15 files changed, 528 insertions(+), 29 deletions(-) create mode 100644 web/vendor/composer/autoload_files.php create mode 100644 web/vendor/ircmaxell/password-compat/LICENSE.md create mode 100644 web/vendor/ircmaxell/password-compat/composer.json create mode 100644 web/vendor/ircmaxell/password-compat/lib/password.php create mode 100644 web/vendor/ircmaxell/password-compat/version-test.php diff --git a/web/composer.json b/web/composer.json index cc22311b1..968d1d4cb 100644 --- a/web/composer.json +++ b/web/composer.json @@ -1,5 +1,6 @@ { "require": { - "firebase/php-jwt": "^5.0" + "firebase/php-jwt": "^5.0", + "ircmaxell/password-compat": "^1.0" } } diff --git a/web/composer.lock b/web/composer.lock index b0b368b4f..b260d2e5a 100644 --- a/web/composer.lock +++ b/web/composer.lock @@ -1,10 +1,10 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "7f97fc9c4d2beaf06d019ba50f7efcbc", + "content-hash": "5759823f1f047089a354efaa25903378", "packages": [ { "name": "firebase/php-jwt", @@ -51,6 +51,48 @@ "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", "homepage": "https://github.com/firebase/php-jwt", "time": "2017-06-27T22:17:23+00:00" + }, + { + "name": "ircmaxell/password-compat", + "version": "v1.0.4", + "source": { + "type": "git", + "url": "https://github.com/ircmaxell/password_compat.git", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ircmaxell/password_compat/zipball/5c5cde8822a69545767f7c7f3058cb15ff84614c", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c", + "shasum": "" + }, + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "type": "library", + "autoload": { + "files": [ + "lib/password.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Anthony Ferrara", + "email": "ircmaxell@php.net", + "homepage": "http://blog.ircmaxell.com" + } + ], + "description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash", + "homepage": "https://github.com/ircmaxell/password_compat", + "keywords": [ + "hashing", + "password" + ], + "time": "2014-11-20T16:49:30+00:00" } ], "packages-dev": [], diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index bacf68698..2b520cd10 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -67,7 +67,7 @@ if ( $action == 'user' ) { $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; } else { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; - ZM\Info ('Cannot use bcrypt as you are using PHP < 5.5'); + ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3'); } diff --git a/web/includes/auth.php b/web/includes/auth.php index 559b478ce..643feb952 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -37,10 +37,8 @@ function migrateHash($user, $pass) { dbQuery($update_password_sql); } else { - // Not really an error, so an info - // there is also a compat library https://github.com/ircmaxell/password_compat - // not sure if its worth it. Do a lot of people really use PHP < 5.5? - ZM\Info ('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.5'); + + ZM\Info ('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.3'); return; } diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 465da0a02..d7b264834 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -314,7 +314,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI APIs are disabled. To enable, please turn on OPT_USE_API in Options->System"; @@ -377,7 +377,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI foreach( dbFetchAll($sql) as $row ) { ?> - + /> diff --git a/web/vendor/composer/ClassLoader.php b/web/vendor/composer/ClassLoader.php index fce8549f0..dc02dfb11 100644 --- a/web/vendor/composer/ClassLoader.php +++ b/web/vendor/composer/ClassLoader.php @@ -279,7 +279,7 @@ class ClassLoader */ public function setApcuPrefix($apcuPrefix) { - $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null; } /** @@ -377,7 +377,7 @@ class ClassLoader $subPath = $class; while (false !== $lastPos = strrpos($subPath, '\\')) { $subPath = substr($subPath, 0, $lastPos); - $search = $subPath . '\\'; + $search = $subPath.'\\'; if (isset($this->prefixDirsPsr4[$search])) { $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); foreach ($this->prefixDirsPsr4[$search] as $dir) { diff --git a/web/vendor/composer/LICENSE b/web/vendor/composer/LICENSE index f27399a04..f0157a6ed 100644 --- a/web/vendor/composer/LICENSE +++ b/web/vendor/composer/LICENSE @@ -1,21 +1,56 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Composer +Upstream-Contact: Jordi Boggiano +Source: https://github.com/composer/composer -Copyright (c) Nils Adermann, Jordi Boggiano +Files: * +Copyright: 2016, Nils Adermann + 2016, Jordi Boggiano +License: Expat -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is furnished -to do so, subject to the following conditions: +Files: src/Composer/Util/TlsHelper.php +Copyright: 2016, Nils Adermann + 2016, Jordi Boggiano + 2013, Evan Coury +License: Expat and BSD-2-Clause -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is furnished + to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. diff --git a/web/vendor/composer/autoload_files.php b/web/vendor/composer/autoload_files.php new file mode 100644 index 000000000..eb2e8068e --- /dev/null +++ b/web/vendor/composer/autoload_files.php @@ -0,0 +1,10 @@ + $vendorDir . '/ircmaxell/password-compat/lib/password.php', +); diff --git a/web/vendor/composer/autoload_real.php b/web/vendor/composer/autoload_real.php index accbcefb3..6d63dc4f7 100644 --- a/web/vendor/composer/autoload_real.php +++ b/web/vendor/composer/autoload_real.php @@ -47,6 +47,24 @@ class ComposerAutoloaderInit254e25e69fe049d603f41f5fd853ef2b $loader->register(true); + if ($useStaticLoader) { + $includeFiles = Composer\Autoload\ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$files; + } else { + $includeFiles = require __DIR__ . '/autoload_files.php'; + } + foreach ($includeFiles as $fileIdentifier => $file) { + composerRequire254e25e69fe049d603f41f5fd853ef2b($fileIdentifier, $file); + } + return $loader; } } + +function composerRequire254e25e69fe049d603f41f5fd853ef2b($fileIdentifier, $file) +{ + if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { + require $file; + + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; + } +} diff --git a/web/vendor/composer/autoload_static.php b/web/vendor/composer/autoload_static.php index 2709f5803..980a5a0d7 100644 --- a/web/vendor/composer/autoload_static.php +++ b/web/vendor/composer/autoload_static.php @@ -6,6 +6,10 @@ namespace Composer\Autoload; class ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b { + public static $files = array ( + 'e40631d46120a9c38ea139981f8dab26' => __DIR__ . '/..' . '/ircmaxell/password-compat/lib/password.php', + ); + public static $prefixLengthsPsr4 = array ( 'F' => array ( diff --git a/web/vendor/composer/installed.json b/web/vendor/composer/installed.json index 5b2924c21..0e2ed23cf 100644 --- a/web/vendor/composer/installed.json +++ b/web/vendor/composer/installed.json @@ -46,5 +46,49 @@ ], "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", "homepage": "https://github.com/firebase/php-jwt" + }, + { + "name": "ircmaxell/password-compat", + "version": "v1.0.4", + "version_normalized": "1.0.4.0", + "source": { + "type": "git", + "url": "https://github.com/ircmaxell/password_compat.git", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ircmaxell/password_compat/zipball/5c5cde8822a69545767f7c7f3058cb15ff84614c", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c", + "shasum": "" + }, + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "time": "2014-11-20T16:49:30+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "files": [ + "lib/password.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Anthony Ferrara", + "email": "ircmaxell@php.net", + "homepage": "http://blog.ircmaxell.com" + } + ], + "description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash", + "homepage": "https://github.com/ircmaxell/password_compat", + "keywords": [ + "hashing", + "password" + ] } ] diff --git a/web/vendor/ircmaxell/password-compat/LICENSE.md b/web/vendor/ircmaxell/password-compat/LICENSE.md new file mode 100644 index 000000000..1efc565fc --- /dev/null +++ b/web/vendor/ircmaxell/password-compat/LICENSE.md @@ -0,0 +1,7 @@ +Copyright (c) 2012 Anthony Ferrara + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/web/vendor/ircmaxell/password-compat/composer.json b/web/vendor/ircmaxell/password-compat/composer.json new file mode 100644 index 000000000..822fd1ffb --- /dev/null +++ b/web/vendor/ircmaxell/password-compat/composer.json @@ -0,0 +1,20 @@ +{ + "name": "ircmaxell/password-compat", + "description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash", + "keywords": ["password", "hashing"], + "homepage": "https://github.com/ircmaxell/password_compat", + "license": "MIT", + "authors": [ + { + "name": "Anthony Ferrara", + "email": "ircmaxell@php.net", + "homepage": "http://blog.ircmaxell.com" + } + ], + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "autoload": { + "files": ["lib/password.php"] + } +} diff --git a/web/vendor/ircmaxell/password-compat/lib/password.php b/web/vendor/ircmaxell/password-compat/lib/password.php new file mode 100644 index 000000000..cc6896c1d --- /dev/null +++ b/web/vendor/ircmaxell/password-compat/lib/password.php @@ -0,0 +1,314 @@ + + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @copyright 2012 The Authors + */ + +namespace { + + if (!defined('PASSWORD_BCRYPT')) { + /** + * PHPUnit Process isolation caches constants, but not function declarations. + * So we need to check if the constants are defined separately from + * the functions to enable supporting process isolation in userland + * code. + */ + define('PASSWORD_BCRYPT', 1); + define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); + define('PASSWORD_BCRYPT_DEFAULT_COST', 10); + } + + if (!function_exists('password_hash')) { + + /** + * Hash the password using the specified algorithm + * + * @param string $password The password to hash + * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) + * @param array $options The options for the algorithm to use + * + * @return string|false The hashed password, or false on error. + */ + function password_hash($password, $algo, array $options = array()) { + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); + return null; + } + if (is_null($password) || is_int($password)) { + $password = (string) $password; + } + if (!is_string($password)) { + trigger_error("password_hash(): Password must be a string", E_USER_WARNING); + return null; + } + if (!is_int($algo)) { + trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); + return null; + } + $resultLength = 0; + switch ($algo) { + case PASSWORD_BCRYPT: + $cost = PASSWORD_BCRYPT_DEFAULT_COST; + if (isset($options['cost'])) { + $cost = $options['cost']; + if ($cost < 4 || $cost > 31) { + trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); + return null; + } + } + // The length of salt to generate + $raw_salt_len = 16; + // The length required in the final serialization + $required_salt_len = 22; + $hash_format = sprintf("$2y$%02d$", $cost); + // The expected length of the final crypt() output + $resultLength = 60; + break; + default: + trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); + return null; + } + $salt_requires_encoding = false; + if (isset($options['salt'])) { + switch (gettype($options['salt'])) { + case 'NULL': + case 'boolean': + case 'integer': + case 'double': + case 'string': + $salt = (string) $options['salt']; + break; + case 'object': + if (method_exists($options['salt'], '__tostring')) { + $salt = (string) $options['salt']; + break; + } + case 'array': + case 'resource': + default: + trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); + return null; + } + if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { + trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); + return null; + } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { + $salt_requires_encoding = true; + } + } else { + $buffer = ''; + $buffer_valid = false; + if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { + $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { + $buffer = openssl_random_pseudo_bytes($raw_salt_len); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && @is_readable('/dev/urandom')) { + $f = fopen('/dev/urandom', 'r'); + $read = PasswordCompat\binary\_strlen($buffer); + while ($read < $raw_salt_len) { + $buffer .= fread($f, $raw_salt_len - $read); + $read = PasswordCompat\binary\_strlen($buffer); + } + fclose($f); + if ($read >= $raw_salt_len) { + $buffer_valid = true; + } + } + if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { + $bl = PasswordCompat\binary\_strlen($buffer); + for ($i = 0; $i < $raw_salt_len; $i++) { + if ($i < $bl) { + $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); + } else { + $buffer .= chr(mt_rand(0, 255)); + } + } + } + $salt = $buffer; + $salt_requires_encoding = true; + } + if ($salt_requires_encoding) { + // encode string with the Base64 variant used by crypt + $base64_digits = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + $bcrypt64_digits = + './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + + $base64_string = base64_encode($salt); + $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); + } + $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); + + $hash = $hash_format . $salt; + + $ret = crypt($password, $hash); + + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) { + return false; + } + + return $ret; + } + + /** + * Get information about the password hash. Returns an array of the information + * that was used to generate the password hash. + * + * array( + * 'algo' => 1, + * 'algoName' => 'bcrypt', + * 'options' => array( + * 'cost' => PASSWORD_BCRYPT_DEFAULT_COST, + * ), + * ) + * + * @param string $hash The password hash to extract info from + * + * @return array The array of information about the hash. + */ + function password_get_info($hash) { + $return = array( + 'algo' => 0, + 'algoName' => 'unknown', + 'options' => array(), + ); + if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { + $return['algo'] = PASSWORD_BCRYPT; + $return['algoName'] = 'bcrypt'; + list($cost) = sscanf($hash, "$2y$%d$"); + $return['options']['cost'] = $cost; + } + return $return; + } + + /** + * Determine if the password hash needs to be rehashed according to the options provided + * + * If the answer is true, after validating the password using password_verify, rehash it. + * + * @param string $hash The hash to test + * @param int $algo The algorithm used for new password hashes + * @param array $options The options array passed to password_hash + * + * @return boolean True if the password needs to be rehashed. + */ + function password_needs_rehash($hash, $algo, array $options = array()) { + $info = password_get_info($hash); + if ($info['algo'] != $algo) { + return true; + } + switch ($algo) { + case PASSWORD_BCRYPT: + $cost = isset($options['cost']) ? $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; + if ($cost != $info['options']['cost']) { + return true; + } + break; + } + return false; + } + + /** + * Verify a password against a hash using a timing attack resistant approach + * + * @param string $password The password to verify + * @param string $hash The hash to verify against + * + * @return boolean If the password matches the hash + */ + function password_verify($password, $hash) { + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); + return false; + } + $ret = crypt($password, $hash); + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) { + return false; + } + + $status = 0; + for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { + $status |= (ord($ret[$i]) ^ ord($hash[$i])); + } + + return $status === 0; + } + } + +} + +namespace PasswordCompat\binary { + + if (!function_exists('PasswordCompat\\binary\\_strlen')) { + + /** + * Count the number of bytes in a string + * + * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. + * In this case, strlen() will count the number of *characters* based on the internal encoding. A + * sequence of bytes might be regarded as a single multibyte character. + * + * @param string $binary_string The input string + * + * @internal + * @return int The number of bytes + */ + function _strlen($binary_string) { + if (function_exists('mb_strlen')) { + return mb_strlen($binary_string, '8bit'); + } + return strlen($binary_string); + } + + /** + * Get a substring based on byte limits + * + * @see _strlen() + * + * @param string $binary_string The input string + * @param int $start + * @param int $length + * + * @internal + * @return string The substring + */ + function _substr($binary_string, $start, $length) { + if (function_exists('mb_substr')) { + return mb_substr($binary_string, $start, $length, '8bit'); + } + return substr($binary_string, $start, $length); + } + + /** + * Check if current PHP version is compatible with the library + * + * @return boolean the check result + */ + function check() { + static $pass = NULL; + + if (is_null($pass)) { + if (function_exists('crypt')) { + $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG'; + $test = crypt("password", $hash); + $pass = $test == $hash; + } else { + $pass = false; + } + } + return $pass; + } + + } +} \ No newline at end of file diff --git a/web/vendor/ircmaxell/password-compat/version-test.php b/web/vendor/ircmaxell/password-compat/version-test.php new file mode 100644 index 000000000..96f60ca8d --- /dev/null +++ b/web/vendor/ircmaxell/password-compat/version-test.php @@ -0,0 +1,6 @@ + Date: Sun, 12 May 2019 14:48:23 -0400 Subject: [PATCH 067/360] add Password back so User object indexes don't change --- src/zm_user.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 84536c16e..e91f0c067 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -161,7 +161,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), - "SELECT Id, Username, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" + "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); if ( mysql_query(&dbconn, sql) ) { From cc0d23ce4ef64300efebd7a8b38fcddc33c24a68 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 15:01:49 -0400 Subject: [PATCH 068/360] move token index after adding password --- src/zm_user.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index e91f0c067..68b52e08c 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -184,8 +184,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); - Info ("DB 9=%s", dbrow[9]); - unsigned int stored_iat = strtoul(dbrow[9], NULL,0 ); + unsigned int stored_iat = strtoul(dbrow[10], NULL,0 ); if (stored_iat > iat ) { // admin revoked tokens mysql_free_result(result); From 21710b6e49697bcd8dc5e5117822e4f09f55ea8a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 15:45:39 -0400 Subject: [PATCH 069/360] demote logs --- src/zm_crypt.cpp | 10 +++++----- src/zm_user.cpp | 4 ++-- src/zms.cpp | 2 +- web/skins/classic/views/options.php | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index c37ab25bc..0235e5c13 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -35,7 +35,7 @@ std::pair verifyToken(std::string jwt_token_str, std } if (decoded.has_payload_claim("user")) { username = decoded.get_payload_claim("user").as_string(); - Info ("Got %s as user claim from token", username.c_str()); + Debug (1, "Got %s as user claim from token", username.c_str()); } else { Error ("User not found in claim"); @@ -44,7 +44,7 @@ std::pair verifyToken(std::string jwt_token_str, std if (decoded.has_payload_claim("iat")) { token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); - Info ("Got IAT token=%u", token_issued_at); + Debug (1,"Got IAT token=%u", token_issued_at); } else { @@ -73,7 +73,7 @@ bool verifyPassword(const char *username, const char *input_password, const char } if (db_password_hash[0] == '*') { // MYSQL PASSWORD - Info ("%s is using an MD5 encoded password", username); + Debug (1,"%s is using an MD5 encoded password", username); SHA_CTX ctx1, ctx2; unsigned char digest_interim[SHA_DIGEST_LENGTH]; @@ -96,14 +96,14 @@ bool verifyPassword(const char *username, const char *input_password, const char sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); final_hash[SHA_DIGEST_LENGTH *2 + 1]=0; - Info ("Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + Debug (1,"Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); password_correct = (strcmp(db_password_hash, final_hash)==0); } else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') &&(db_password_hash[3] == '$')) { // BCRYPT - Info ("%s is using a bcrypt encoded password", username); + Debug (1,"%s is using a bcrypt encoded password", username); BCrypt bcrypt; std::string input_hash = bcrypt.generateHash(std::string(input_password)); password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 68b52e08c..35f25f7c9 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -152,7 +152,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { key += remote_addr; } - Info ("Inside zmLoadTokenUser, formed key=%s", key.c_str()); + Debug (1,"Inside zmLoadTokenUser, formed key=%s", key.c_str()); std::pair ans = verifyToken(jwt_token_str, key); std::string username = ans.first; @@ -192,7 +192,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { return NULL; } - Info ("Got stored expiry time of %u",stored_iat); + Debug (1,"Got stored expiry time of %u",stored_iat); Info ("Authenticated user '%s' via token", username.c_str()); mysql_free_result(result); return user; diff --git a/src/zms.cpp b/src/zms.cpp index 8442b6a65..64c1103db 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -161,7 +161,7 @@ int main( int argc, const char *argv[] ) { strncpy( auth, value, sizeof(auth)-1 ); } else if ( !strcmp( name, "token" ) ) { jwt_token_str = value; - Info("ZMS: JWT token found: %s", jwt_token_str.c_str()); + Debug(1,"ZMS: JWT token found: %s", jwt_token_str.c_str()); } else if ( !strcmp( name, "user" ) ) { username = UriDecode( value ); diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index d7b264834..c0b437855 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -345,7 +345,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); // echo "UPDATE Users SET APIEnabled=1"." WHERE Id=".$markUid."
"; } - echo "Updated."; + echo "Updated"; } if(array_key_exists('revokeAllTokens',$_POST)){ From 881d531fe960d35c33889128b3d258197269c626 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 18:19:19 -0400 Subject: [PATCH 070/360] make old API auth optional, on by default --- .../lib/ZoneMinder/ConfigData.pm.in | 11 +++ web/api/app/Controller/HostController.php | 78 +++++++++---------- 2 files changed, 48 insertions(+), 41 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index c6ec697f1..ef456f085 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -396,6 +396,17 @@ our @options = ( type => $types{boolean}, category => 'system', }, + { + name => 'ZM_OPT_USE_LEGACY_API_AUTH', + default => 'yes', + description => 'Enable legacy API authentication', + help => q` + Starting version 1.34.0, ZoneMinder uses a more secure + Authentication mechanism using JWT tokens. Older versions used a less secure MD5 based auth hash. It is recommended you turn this off after you are sure you don't need it. If you are using a 3rd party app that relies on the older API auth mechanisms, you will have to update that app if you turn this off. Note that zmNinja 1.3.057 onwards supports the new token system + `, + type => $types{boolean}, + category => 'system', + }, { name => 'ZM_OPT_USE_EVENTNOTIFICATION', default => 'no', diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 7b8c7c0ff..a296ef2bc 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -31,56 +31,52 @@ class HostController extends AppController { } function login() { - $cred_depr = $this->_getCredentialsDeprecated(); - $ver = $this->_getVersion(); - + $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user'); $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); + $ver = $this->_getVersion(); + $cred = []; + $cred_depr = []; + if ($mUser && $mPassword) { - $cred = $this->_getCredentials(true); - // if you authenticated via user/pass then generate new refresh - $this->set(array( - 'access_token'=>$cred[0], - 'access_token_expires'=>$cred[1], - 'refresh_token'=>$cred[2], - 'refresh_token_expires'=>$cred[3], - 'credentials'=>$cred_depr[0], - 'append_password'=>$cred_depr[1], - 'version' => $ver[0], - 'apiversion' => $ver[1], - '_serialize' => array( - 'access_token', - 'access_token_expires', - 'refresh_token', - 'refresh_token_expires', - 'version', - 'credentials', - 'append_password', - 'apiversion' - ))); + $cred = $this->_getCredentials(true); // generate refresh } else { - $cred = $this->_getCredentials(false); - $this->set(array( - 'access_token'=>$cred[0], - 'access_token_expires'=>$cred[1], - 'credentials'=>$cred_depr[0], - 'append_password'=>$cred_depr[1], - 'version' => $ver[0], - 'apiversion' => $ver[1], - '_serialize' => array( - 'access_token', - 'access_token_expires', - 'version', - 'credentials', - 'append_password', - 'apiversion' - ))); - + $cred = $this->_getCredentials(false); // don't generate refresh } + $login_array = array ( + 'access_token'=>$cred[0], + 'access_token_expires'=>$cred[1], + 'version' => $ver[0], + 'apiversion' => $ver[1] + ); + + $login_serialize_list = array ( + 'access_token', + 'access_token_expires', + 'version', + 'apiversion' + ); + + if ($mUser && mPassword) { + $login_array['refresh_token'] = $cred[2]; + $login_array['refresh_token_expires'] = $cred[3]; + array_push ($login_serialize_list, 'refresh_token', 'refresh_token_expires'); + } + + if (ZM_OPT_USE_LEGACY_API_AUTH) { + $cred_depr = $this->_getCredentialsDeprecated(); + $login_array ['credentials']=$cred_depr[0]; + $login_array ['append_password']=$cred_depr[1]; + array_push ($login_serialize_list, 'credentials', 'append_password'); + } + + $this->set($login_array, + '_serialize' => $login_serialize_list); + } // end function login() From ec279ccc9af525ea0c5d1d023db68520965fa519 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 18:51:07 -0400 Subject: [PATCH 071/360] make old API auth mechanism optional --- web/api/app/Controller/HostController.php | 36 +++++++++++++++++------ 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index a296ef2bc..b5629aca4 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -36,6 +36,11 @@ class HostController extends AppController { $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); + + if ( !($mUser && $mPassword) && !$mToken ) { + throw new UnauthorizedException(__('No identity provided')); + } + $ver = $this->_getVersion(); $cred = []; $cred_depr = []; @@ -47,21 +52,28 @@ class HostController extends AppController { $cred = $this->_getCredentials(false); // don't generate refresh } + $this->set(array( + 'credentials' => $cred[0], + 'append_password'=>$cred[1], + 'version' => $ver[0], + 'apiversion' => $ver[1], + '_serialize' => array('credentials', + 'append_password', + 'version', + 'apiversion' + ))); + $login_array = array ( 'access_token'=>$cred[0], - 'access_token_expires'=>$cred[1], - 'version' => $ver[0], - 'apiversion' => $ver[1] + 'access_token_expires'=>$cred[1] ); $login_serialize_list = array ( 'access_token', - 'access_token_expires', - 'version', - 'apiversion' + 'access_token_expires' ); - if ($mUser && mPassword) { + if ($mUser && $mPassword) { $login_array['refresh_token'] = $cred[2]; $login_array['refresh_token_expires'] = $cred[3]; array_push ($login_serialize_list, 'refresh_token', 'refresh_token_expires'); @@ -74,8 +86,14 @@ class HostController extends AppController { array_push ($login_serialize_list, 'credentials', 'append_password'); } - $this->set($login_array, - '_serialize' => $login_serialize_list); + + $login_array['version'] = $ver[0]; + $login_array['apiversion'] = $ver[1]; + array_push ($login_serialize_list, 'version', 'apiversion'); + + $login_array["_serialize"] = $login_serialize_list; + + $this->set($login_array); } // end function login() From 41ae745b176e132da5ca3b649f6e372e69af34f5 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 12 May 2019 18:53:51 -0400 Subject: [PATCH 072/360] removed stale code --- web/api/app/Controller/HostController.php | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index b5629aca4..9ff4e7c76 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -52,17 +52,6 @@ class HostController extends AppController { $cred = $this->_getCredentials(false); // don't generate refresh } - $this->set(array( - 'credentials' => $cred[0], - 'append_password'=>$cred[1], - 'version' => $ver[0], - 'apiversion' => $ver[1], - '_serialize' => array('credentials', - 'append_password', - 'version', - 'apiversion' - ))); - $login_array = array ( 'access_token'=>$cred[0], 'access_token_expires'=>$cred[1] From 87e407aa906ae2e4d913d4f442abb6d747b1a425 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 13 May 2019 10:31:09 -0400 Subject: [PATCH 073/360] forgot to checkin update file --- db/zm_update-1.33.9.sql | 3 +++ distros/debian/control | 4 ++-- scripts/zmupdate.pl.in | 15 +++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 db/zm_update-1.33.9.sql diff --git a/db/zm_update-1.33.9.sql b/db/zm_update-1.33.9.sql new file mode 100644 index 000000000..2b298b8b9 --- /dev/null +++ b/db/zm_update-1.33.9.sql @@ -0,0 +1,3 @@ +ALTER TABLE `Users` +ADD COLUMN `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0 AFTER `MonitorIds`, +ADD COLUMN `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1 AFTER `TokenMinExpiry`; diff --git a/distros/debian/control b/distros/debian/control index 2b46f44e1..dd5a405cd 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -26,7 +26,7 @@ Build-Depends: debhelper (>= 9), cmake , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl - , libssl-dev + , libssl-dev,libdigest-bcrypt-perl Standards-Version: 3.9.4 Package: zoneminder @@ -52,7 +52,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , zip , libvlccore5 | libvlccore7 | libvlccore8, libvlc5 , libpolkit-gobject-1-0, php5-gd - , libssl + , libssl,libdigest-bcrypt-perl Recommends: mysql-server | mariadb-server Description: Video camera security and surveillance solution ZoneMinder is intended for use in single or multi-camera video security diff --git a/scripts/zmupdate.pl.in b/scripts/zmupdate.pl.in index bb9dddac4..136856d64 100644 --- a/scripts/zmupdate.pl.in +++ b/scripts/zmupdate.pl.in @@ -312,6 +312,7 @@ if ( $migrateEvents ) { if ( $freshen ) { print( "\nFreshening configuration in database\n" ); migratePaths(); + migratePasswords(); ZoneMinder::Config::loadConfigFromDB(); ZoneMinder::Config::saveConfigToDB(); } @@ -999,6 +1000,20 @@ sub patchDB { } +sub migratePasswords { + + print ("****** MIGRATION"); + my $sql = "select * from Users"; + my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); + my $res = $sth->execute() or die( "Can't execute: ".$sth->errstr() ); + while( my $user = $sth->fetchrow_hashref() ) { + my $scheme = substr $user->{Password}, 0, 1; + if ($scheme eq "*") { + print ("*********** HOLY GODZILLA ".$user->{Username}. " uses PASSWORD"); + } + } +} + sub migratePaths { my $customConfigFile = '@ZM_CONFIG_SUBDIR@/zmcustom.conf'; From e9f843f29707f2f3c8f5c3792357d05e3ff64612 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 13 May 2019 14:29:24 -0400 Subject: [PATCH 074/360] bulk overlay hash mysql encoded passwords --- distros/debian/control | 6 ++++-- scripts/zmupdate.pl.in | 17 +++++++++++++---- web/includes/auth.php | 31 +++++++++++++++++++++---------- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/distros/debian/control b/distros/debian/control index dd5a405cd..59afe46a8 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -26,7 +26,7 @@ Build-Depends: debhelper (>= 9), cmake , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl - , libssl-dev,libdigest-bcrypt-perl + , libdigest-bcrypt-perl, libdata-entropy-perl Standards-Version: 3.9.4 Package: zoneminder @@ -52,7 +52,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , zip , libvlccore5 | libvlccore7 | libvlccore8, libvlc5 , libpolkit-gobject-1-0, php5-gd - , libssl,libdigest-bcrypt-perl + , libssl + ,libdigest-bcrypt-perl, libdata-entropy-perl + Recommends: mysql-server | mariadb-server Description: Video camera security and surveillance solution ZoneMinder is intended for use in single or multi-camera video security diff --git a/scripts/zmupdate.pl.in b/scripts/zmupdate.pl.in index 136856d64..8c620443b 100644 --- a/scripts/zmupdate.pl.in +++ b/scripts/zmupdate.pl.in @@ -51,6 +51,8 @@ configuring upgrades etc, including on the fly upgrades. use strict; use bytes; use version; +use Digest; +use Data::Entropy::Algorithms qw(rand_bits); # ========================================================================== # @@ -1001,15 +1003,22 @@ sub patchDB { } sub migratePasswords { - - print ("****** MIGRATION"); + print ("Migratings passwords, if any...\n"); my $sql = "select * from Users"; my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); my $res = $sth->execute() or die( "Can't execute: ".$sth->errstr() ); while( my $user = $sth->fetchrow_hashref() ) { - my $scheme = substr $user->{Password}, 0, 1; + my $scheme = substr($user->{Password}, 0, 1); if ($scheme eq "*") { - print ("*********** HOLY GODZILLA ".$user->{Username}. " uses PASSWORD"); + print ("-->".$user->{Username}. " password will be migrated\n"); + my $bcrypt = Digest->new('Bcrypt', cost=>10, salt=>rand_bits(16*8)); + my $settings = $bcrypt->settings(); + my $pass_hash = $bcrypt->add($user->{Password})->bcrypt_b64digest; + #print ("--- New pass overlay ----".$pass_hash); + my $new_pass_hash = "-ZM-".$settings.$pass_hash; + $sql = "UPDATE Users SET PASSWORD=? WHERE Username=?"; + my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); + my $res = $sth->execute($new_pass_hash, $user->{Username}) or die( "Can't execute: ".$sth->errstr() ); } } } diff --git a/web/includes/auth.php b/web/includes/auth.php index 643feb952..581fba1be 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -131,20 +131,31 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin $password_type = 'mysql'; } - else { - // bcrypt can have multiple signatures - if (preg_match('/^\$2[ayb]\$.+$/', $saved_password)) { + elseif (preg_match('/^\$2[ayb]\$.+$/', $saved_password)) { + ZM\Logger::Debug('bcrypt signature found, assumed bcrypt password'); + $password_type='bcrypt'; + $password_correct = $passwordHashed? ($password == $saved_password) : password_verify($password, $saved_password); + } + // zmupdate.pl adds a '-ZM-' prefix to overlay encrypted passwords + // this is done so that we don't spend cycles doing two bcrypt password_verify calls + // for every wrong password entered. This will only be invoked for passwords zmupdate.pl has + // overlay hashed + elseif (substr($saved_password, 0,4) == '-ZM-') { + ZM\Logger::Debug("Detected bcrypt overlay hashing for $username"); + ZM\Info("Detected bcrypt overlay hashing for $username"); + $bcrypt_hash = substr ($saved_password, 4); + $mysql_encoded_password ='*'.strtoupper(sha1(sha1($password, true))); + ZM\Logger::Debug("Comparing password $mysql_encoded_password to bcrypt hash: $bcrypt_hash"); + ZM\Info("Comparing password $mysql_encoded_password to bcrypt hash: $bcrypt_hash"); + $password_correct = password_verify($mysql_encoded_password, $bcrypt_hash); + $password_type = "mysql"; // so we can migrate later down - ZM\Logger::Debug ('bcrypt signature found, assumed bcrypt password'); - $password_type='bcrypt'; - $password_correct = $passwordHashed? ($password == $saved_password) : password_verify($password, $saved_password); - } - else { + } + else { // we really should nag the user not to use plain ZM\Warning ('assuming plain text password as signature is not known. Please do not use plain, it is very insecure'); $password_type = 'plain'; $password_correct = ($saved_password == $password); - } } } else { @@ -165,7 +176,7 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin ZM\Info("Login successful for user \"$username\""); $user = $saved_user_details; if ($password_type == 'mysql') { - ZM\Info ('Migrating password, if possible for future logins'); + ZM\Info('Migrating password, if possible for future logins'); migrateHash($username, $password); } unset($_SESSION['loginFailed']); From 4a2ac470eedd2c4479f2d9c49686c9d6baceafe8 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 13 May 2019 14:32:48 -0400 Subject: [PATCH 075/360] add back ssl_dev, got deleted --- distros/debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/distros/debian/control b/distros/debian/control index 59afe46a8..87873f294 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -26,6 +26,7 @@ Build-Depends: debhelper (>= 9), cmake , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl + , libssl-dev , libdigest-bcrypt-perl, libdata-entropy-perl Standards-Version: 3.9.4 From 4027a5adf8528a48987b495e81f58e3f4d799a2a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 13 May 2019 14:48:26 -0400 Subject: [PATCH 076/360] fix update script --- db/zm_update-1.33.9.sql | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/db/zm_update-1.33.9.sql b/db/zm_update-1.33.9.sql index 2b298b8b9..e0d289ba4 100644 --- a/db/zm_update-1.33.9.sql +++ b/db/zm_update-1.33.9.sql @@ -1,3 +1,27 @@ -ALTER TABLE `Users` -ADD COLUMN `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0 AFTER `MonitorIds`, -ADD COLUMN `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1 AFTER `TokenMinExpiry`; +-- +-- Add per user API enable/disable and ability to set a minimum issued time for tokens +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Users' + AND column_name = 'TokenMinExpiry' + ) > 0, +"SELECT 'Column TokenMinExpiry already exists in Users'", +"ALTER TABLE Users ADD `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0 AFTER `MonitorIds`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Users' + AND column_name = 'APIEnabled' + ) > 0, +"SELECT 'Column APIEnabled already exists in Users'", +"ALTER TABLE Users ADD `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1 AFTER `TokenMinExpiry`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; From 95460a945ab7e5c63dc0551bdd6230a3026ceb9e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Tue, 14 May 2019 19:22:49 -0400 Subject: [PATCH 077/360] added token support to index.php --- web/includes/auth.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/includes/auth.php b/web/includes/auth.php index 581fba1be..33d2b3fb6 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -386,6 +386,14 @@ if ( ZM_OPT_USE_AUTH ) { } else if ( isset($_REQUEST['username']) and isset($_REQUEST['password']) ) { userLogin($_REQUEST['username'], $_REQUEST['password'], false); } + + if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['token']) ) { + + $ret = validateToken($_REQUEST['token'], 'access'); + $user = $ret[0]; + } + + if ( !empty($user) ) { // generate it once here, while session is open. Value will be cached in session and return when called later on generateAuthHash(ZM_AUTH_HASH_IPS); From a07da01f0ca57b505d442e86bcf8847433195b86 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 15 May 2019 13:57:51 -0400 Subject: [PATCH 078/360] reworked API document for new changes in 2.0 --- docs/api.rst | 318 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 244 insertions(+), 74 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index 2f90b7fdf..d60847d92 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -1,10 +1,12 @@ + API ==== -This document will provide an overview of ZoneMinder's API. This is work in progress. +This document will provide an overview of ZoneMinder's API. Overview ^^^^^^^^ + In an effort to further 'open up' ZoneMinder, an API was needed. This will allow quick integration with and development of ZoneMinder. @@ -12,87 +14,175 @@ The API is built in CakePHP and lives under the ``/api`` directory. It provides a RESTful service and supports CRUD (create, retrieve, update, delete) functions for Monitors, Events, Frames, Zones and Config. -Streaming Interface -^^^^^^^^^^^^^^^^^^^ -Developers working on their application often ask if there is an "API" to receive live streams, or recorded event streams. -It is possible to stream both live and recorded streams. This isn't strictly an "API" per-se (that is, it is not integrated -into the Cake PHP based API layer discussed here) and also why we've used the term "Interface" instead of an "API". +API evolution +^^^^^^^^^^^^^^^ -Live Streams -~~~~~~~~~~~~~~ -What you need to know is that if you want to display "live streams", ZoneMinder sends you streaming JPEG images (MJPEG) -which can easily be rendered in a browser using an ``img src`` tag. +The ZoneMinder API has evolved over time. Broadly speaking the iterations were as follows: -For example: +* Prior to version 1.29, there really was no API layer. Users had to use the same URLs that the web console used to 'mimic' operations, or use an XML skin +* Starting version 1.29, a v1.0 CakePHP based API was released which continues to evolve over time. From a security perspective, it still tied into ZM auth and required client cookies for many operations. Primarily, two authentication modes were offered: + * You use cookies to maintain session state (`ZM_SESS_ID`) + * You use an authentication hash to validate yourself, which included encoding personal information and time stamps which at times caused timing validation issues, especially for mobile consumers +* Starting version 1.34, ZoneMinder has introduced a new "token" based system which is based JWT. We have given it a '2.0' version ID. These tokens don't encode any personal data and can be statelessly passed around per request. It introduces concepts like access tokens, refresh tokens and per user level API revocation to manage security better. The internal components of ZoneMinder all support this new scheme now and if you are using the APIs we strongly recommend you migrate to 1.34 and use this new token system (as a side note, 1.34 also moves from MYSQL PASSWORD to Bcrypt for passwords, which is also a good reason why you should migate). +* Note that as of 1.34, both versions of API access will work (tokens and the older auth hash mechanism). -:: +.. NOTE:: + For the rest of the document, we will specifically highlight v2.0 only features. If you don't see a special mention, assume it applies for both API versions. - - -will display a live feed from monitor id 1, scaled down by 50% in quality and resized to 640x480px. - -* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system -* The "auth" token you see above is required if you use ZoneMinder authentication. To understand how to get the auth token, please read the "Login, Logout & API security" section below. -* The "connkey" parameter is essentially a random number which uniquely identifies a stream. If you don't specify a connkey, ZM will generate its own. It is recommended to generate a connkey because you can then use it to "control" the stream (pause/resume etc.) -* Instead of dealing with the "auth" token, you can also use ``&user=username&pass=password`` where "username" and "password" are your ZoneMinder username and password respectively. Note that this is not recommended because you are transmitting them in a URL and even if you use HTTPS, they may show up in web server logs. - - -PTZ on live streams -------------------- -PTZ commands are pretty cryptic in ZoneMinder. This is not meant to be an exhaustive guide, but just something to whet your appetite: - - -Lets assume you have a monitor, with ID=6. Let's further assume you want to pan it left. - -You'd need to send a: -``POST`` command to ``https://yourserver/zm/index.php`` with the following data payload in the command (NOT in the URL) - -``view=request&request=control&id=6&control=moveConLeft&xge=30&yge=30`` - -Obviously, if you are using authentication, you need to be logged in for this to work. - -Like I said, at this stage, this is only meant to get you started. Explore the ZoneMinder code and use "Inspect source" as you use PTZ commands in the ZoneMinder source code. -`control_functions.php `__ is a great place to start. - - -Pre-recorded (past event) streams -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Similar to live playback, if you have chosen to store events in JPEG mode, you can play it back using: - -:: - - - - -* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system -* This will playback event 293820, starting from frame 1 as an MJPEG stream -* Like before, you can add more parameters like ``scale`` etc. -* auth and connkey have the same meaning as before, and yes, you can replace auth by ``&user=usename&pass=password`` as before and the same security concerns cited above apply. - -If instead, you have chosen to use the MP4 (Video) storage mode for events, you can directly play back the saved video file: - -:: - - - -* This will play back the video recording for event 294690 - -What other parameters are supported? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The best way to answer this question is to play with ZoneMinder console. Open a browser, play back live or recorded feed, and do an "Inspect Source" to see what parameters -are generated. Change and observe. Enabling API -^^^^^^^^^^^^ -A default ZoneMinder installs with APIs enabled. You can explictly enable/disable the APIs -via the Options->System menu by enabling/disabling ``OPT_USE_API``. Note that if you intend -to use APIs with 3rd party apps, such as zmNinja or others that use APIs, you should also -enable ``AUTH_HASH_LOGINS``. +^^^^^^^^^^^^^ -Login, Logout & API Security -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +ZoneMinder comes with APIs enabled. To check if APIs are enabled, visit ``Options->System``. If ``OPT_USE_API`` is enabled, your APIs are active. +For v2.0 APIs, you have an additional option right below it - ``OPT_USE_LEGACY_API_AUTH`` which is enabled by default. When enabled, the `login.json` API (discussed later) will return both the old style (``auth=``) and new style (``token=``) credentials. The reason this is enabled by default is because any existing apps that use the API would break if they were not updated to use v2.0. (Note that zmNinja 1.3.057 and beyond will support tokens) + +Enabling secret key +^^^^^^^^^^^^^^^^^^^ + +* It is important that you create a "Secret Key". This needs to be a set of hard to guess characters, that only you know. ZoneMinder does not create a key for you. It is your responsibility to create it. If you haven't created one already, please do so by going to ``Options->Systems`` and populating ``AUTH_HASH_SECRET``. Don't forget to save. +* If you plan on using V2.0 token based security, **it is mandatory to populate this secret key**, as it is used to sign the token. If you don't, token authentication will fail. V1.0 did not mandate this requirement. + + +Getting API key +^^^^^^^^^^^^^^^^^^^^^^^ + +To get API key: + +:: + + curl -XPOST [-c cookies.txt] -d "user=yourusername&pass=yourpassword" https://yourserver/zm/api/host/login.json + + +The ``[-c cookies.txt]`` is optional, and will be explained in the next section. + +This returns a payload like this for API v1.0: + +:: + + { + "credentials": "auth=05f3a50e8f7063", + "append_password": 0, + "version": "1.33.9", + "apiversion": "1.0" + } + +Or for API 2.0: + +:: + + { + "access_token": "eyJ0eXAiOiJKHE", + "access_token_expires": 3600, + "refresh_token": "eyJ0eXAiOimPs", + "refresh_token_expires": 86400, + "credentials": "auth=05f3a50e8f7063", # only if OPT_USE_LEGACY_API_AUTH is enabled + "append_password": 0, # only if OPT_USE_LEGACY_API_AUTH is enabled + "version": "1.33.9", + "apiversion": "2.0" + } + +Using these keys with subsequent requests +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you should now supply that credential to subsequent API calls like this: + +:: + + # RECOMMENDED: v2.0 token based + curl -XPOST https://yourserver/zm/api/monitors.json&token= + # or + + # v1.0 or 2.0 based API access (will only work if AUTH_HASH_LOGINS is enabled) + curl -XPOST -d "auth=" https://yourserver/zm/api/monitors.json + # or + curl -XGET https://yourserver/zm/api/monitors.json&auth= + # or, if you specified -c cookies.txt in the original login request + curl -b cookies.txt -XGET https://yourserver/zm/api/monitors.json + + +.. NOTE:: + ZoneMinder's API layer allows API keys to be encoded either as a querty parameter or as a data payload. If you don't pass keys, you could use cookies (not recommended as a general approach) + + +Key lifetime (v1.0) +^^^^^^^^^^^^^^^^^^^^^ + +If you are using the old ``auth_hash`` mechanism present in v1.0, then the credentials will time out based on PHP session timeout. This is often confusing and sometime causes additional issues due to the fact that the old method also includes timestamps in its hash. + +Key lifetime (v2.0) +^^^^^^^^^^^^^^^^^^^^^^ + +In version 2.0, it is very easy to know when a key will expire. You can find that out from the ``access_token_expires`` and ``refresh_token_exipres`` values (in seconds). You should refresh the keys before the timeout occurs, or you will not be able to use the APIs. + +Understanding access/refresh tokens (v2.0) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you are using V2.0, then you need to know how to use these tokens effectively: + +* Access tokens are short lived. ZoneMinder issues access tokens that live for 3600 seconds (1 hour). +* Access tokens should be used for all subsequent API accesses. +* Refresh tokens should ONLY be used to generate new access tokens. For example, if an access token lives for 1 hour, before the hour completes, invoke the ``login.json`` API above with the refresh token to get a new access token. ZoneMinder issues refresh tokens that live for 24 hours. +* To generate a new refresh token before 24 hours are up, you will need to pass your user login and password to ``login.json`` + +**To Summarize:** + +* Pass your ``username`` and ``password`` to ``login.json`` only once in 24 hours to renew your tokens +* Pass your "refresh token" to ``login.json`` once an hour to renew your ``access token`` +* Use your ``access token`` for all API invocations. + +In fact, V2.0 will reject your request (if it is not to ``login.json``) if it comes with a refresh token instead of an access token to discourage usage of this token when it should not be used. + +This minimizes the amount of sensitive data that is sent over the wire and the lifetime durations are made so that if they get compromised, you can regenerate or invalidate them (more on this later) + +Understanding key security +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Version 1.0 uses an MD5 hash to generate the credentials. The hash is computed over your secret key (if avaiable), username, password and some time parameters (along with remote IP if enabled). This is not a secure/recommended hashing mechanism. If your auth hash is compromised, an attacker will be able to use your hash till it expires. To avoid this, you could disable the user in ZoneMinder. + +* Version 2.0 uses a different approach. The hash is a simple base64 encoded form of "claims", but signed with your secret key. Consider for example, the following access key: + +:: + + eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJab25lTWluZGVyIiwiaWF0IjoxNTU3OTQwNzUyLCJleHAiOjE1NTc5NDQzNTIsInVzZXIiOiJhZG1pbiIsInR5cGUiOiJhY2Nlc3MifQ.-5VOcpw3cFHiSTN5zfGDSrrPyVya1M8_2Anh5u6eNlI + +If you were to use any `JWT token verifier `__ it can easily decode that token and will show: + +:: + + { + "iss": "ZoneMinder", + "iat": 1557940752, + "exp": 1557944352, + "user": "admin", + "type": "access" + } + Invalid Signature + + +Don't be surprised. JWT tokens are not meant to be encrypted. It is just an assertion of a claim. It states that the issuer of this token was ZoneMinder, +It was issued at (iat) Wednesday, 2019-05-15 17:19:12 UTC and will expire on (exp) Wednesday, 2019-05-15 18:19:12 UTC. This token claims to be owned by an admin and is an access token. If your token were to be stolen, this information is available to the person who stole it. Note that there are no sensitive details like passwords in this claim. + +However, that person will **not** have your secret key as part of this token and therefore, will NOT be able to create a new JWT token to get, say, a refresh token. They will however, be able to use your access token to access resources just like the auth hash above, till the access token expires (1hr). To revoke this token, you don't need to disable the user. Go to ``Options->API`` and tap on "Revoke All Access Tokens". This will invalidate the token immediately (this option will invalidate all tokens for all users, and new ones will need to be generated). + +Over time, we will provide you with more fine grained access to these options. + +**Summarizing good practices:** + +* Use HTTPS, not HTTP +* If possible, use free services like `LetsEncrypt `__ instead of self-signed certificates (sometimes this is not possible) +* Keep your tokens as private as possible, and use them as recommended above +* If you believe your tokens are compromised, revoke them, but also check if your attacker has compromised more than you think (example, they may also have your username/password or access to your system via other exploits, in which case they can regenerate as many tokens/credentials as they want). + + + +.. NOTE:: + Subsequent sections don't explicitly callout the key addition to APIs. We assume that you will append the correct keys as per our explanation above. + + + +Logout APIs +^^^^^^^^^^^^^^ The APIs tie into ZoneMinder's existing security model. This means if you have OPT_AUTH enabled, you need to log into ZoneMinder using the same browser you plan to use the APIs from. If you are developing an app that relies on the API, you need @@ -585,6 +675,86 @@ Returns: This only works if you have a multiserver setup in place. If you don't it will return an empty array. +Streaming Interface +^^^^^^^^^^^^^^^^^^^ +Developers working on their application often ask if there is an "API" to receive live streams, or recorded event streams. +It is possible to stream both live and recorded streams. This isn't strictly an "API" per-se (that is, it is not integrated +into the Cake PHP based API layer discussed here) and also why we've used the term "Interface" instead of an "API". + +Live Streams +~~~~~~~~~~~~~~ +What you need to know is that if you want to display "live streams", ZoneMinder sends you streaming JPEG images (MJPEG) +which can easily be rendered in a browser using an ``img src`` tag. + +For example: + +:: + + + #or + + + +will display a live feed from monitor id 1, scaled down by 50% in quality and resized to 640x480px. + +* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system +* The "auth" token you see above is required if you use ZoneMinder authentication. To understand how to get the auth token, please read the "Login, Logout & API security" section below. +* The "connkey" parameter is essentially a random number which uniquely identifies a stream. If you don't specify a connkey, ZM will generate its own. It is recommended to generate a connkey because you can then use it to "control" the stream (pause/resume etc.) +* Instead of dealing with the "auth" token, you can also use ``&user=username&pass=password`` where "username" and "password" are your ZoneMinder username and password respectively. Note that this is not recommended because you are transmitting them in a URL and even if you use HTTPS, they may show up in web server logs. + + +PTZ on live streams +------------------- +PTZ commands are pretty cryptic in ZoneMinder. This is not meant to be an exhaustive guide, but just something to whet your appetite: + + +Lets assume you have a monitor, with ID=6. Let's further assume you want to pan it left. + +You'd need to send a: +``POST`` command to ``https://yourserver/zm/index.php`` with the following data payload in the command (NOT in the URL) + +``view=request&request=control&id=6&control=moveConLeft&xge=30&yge=30`` + +Obviously, if you are using authentication, you need to be logged in for this to work. + +Like I said, at this stage, this is only meant to get you started. Explore the ZoneMinder code and use "Inspect source" as you use PTZ commands in the ZoneMinder source code. +`control_functions.php `__ is a great place to start. + + +Pre-recorded (past event) streams +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Similar to live playback, if you have chosen to store events in JPEG mode, you can play it back using: + +:: + + + #or + + + +* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system +* This will playback event 293820, starting from frame 1 as an MJPEG stream +* Like before, you can add more parameters like ``scale`` etc. +* auth and connkey have the same meaning as before, and yes, you can replace auth by ``&user=usename&pass=password`` as before and the same security concerns cited above apply. + +If instead, you have chosen to use the MP4 (Video) storage mode for events, you can directly play back the saved video file: + +:: + + + #or + + +* This will play back the video recording for event 294690 + +What other parameters are supported? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The best way to answer this question is to play with ZoneMinder console. Open a browser, play back live or recorded feed, and do an "Inspect Source" to see what parameters +are generated. Change and observe. + + + Further Reading ^^^^^^^^^^^^^^^^ As described earlier, treat this document as an "introduction" to the important parts of the API and streaming interfaces. From 0e72080c4a016cb667846760f2fd86125f03daf5 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Thu, 16 May 2019 09:37:11 -0400 Subject: [PATCH 079/360] Migrate from libdigest to crypt-eks-blowfish due to notice --- distros/debian/control | 4 ++-- scripts/zmupdate.pl.in | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/distros/debian/control b/distros/debian/control index 87873f294..3296b88c3 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -27,7 +27,7 @@ Build-Depends: debhelper (>= 9), cmake , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl , libssl-dev - , libdigest-bcrypt-perl, libdata-entropy-perl + , libcrypt-eksblowfish-perl, libdata-entropy-perl Standards-Version: 3.9.4 Package: zoneminder @@ -54,7 +54,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , libvlccore5 | libvlccore7 | libvlccore8, libvlc5 , libpolkit-gobject-1-0, php5-gd , libssl - ,libdigest-bcrypt-perl, libdata-entropy-perl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl Recommends: mysql-server | mariadb-server Description: Video camera security and surveillance solution diff --git a/scripts/zmupdate.pl.in b/scripts/zmupdate.pl.in index 8c620443b..8dbc4d14f 100644 --- a/scripts/zmupdate.pl.in +++ b/scripts/zmupdate.pl.in @@ -51,7 +51,7 @@ configuring upgrades etc, including on the fly upgrades. use strict; use bytes; use version; -use Digest; +use Crypt::Eksblowfish::Bcrypt; use Data::Entropy::Algorithms qw(rand_bits); # ========================================================================== @@ -1011,11 +1011,10 @@ sub migratePasswords { my $scheme = substr($user->{Password}, 0, 1); if ($scheme eq "*") { print ("-->".$user->{Username}. " password will be migrated\n"); - my $bcrypt = Digest->new('Bcrypt', cost=>10, salt=>rand_bits(16*8)); - my $settings = $bcrypt->settings(); - my $pass_hash = $bcrypt->add($user->{Password})->bcrypt_b64digest; - #print ("--- New pass overlay ----".$pass_hash); - my $new_pass_hash = "-ZM-".$settings.$pass_hash; + my $salt = Crypt::Eksblowfish::Bcrypt::en_base64(rand_bits(16*8)); + my $settings = '$2a$10$'.$salt; + my $pass_hash = Crypt::Eksblowfish::Bcrypt::bcrypt($user->{Password},$settings); + my $new_pass_hash = "-ZM-".$pass_hash; $sql = "UPDATE Users SET PASSWORD=? WHERE Username=?"; my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); my $res = $sth->execute($new_pass_hash, $user->{Username}) or die( "Can't execute: ".$sth->errstr() ); From 4f44db8cbf4d6d292c9c55088fee6ec4455e8cc5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 16 May 2019 15:35:19 -0400 Subject: [PATCH 080/360] ifdef HAVE_ZLIB_H around code that uses Image->Zip (#2597) --- src/zm_monitorstream.cpp | 8 ++++++++ src/zm_monitorstream.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/src/zm_monitorstream.cpp b/src/zm_monitorstream.cpp index 0b2811656..124994a48 100644 --- a/src/zm_monitorstream.cpp +++ b/src/zm_monitorstream.cpp @@ -394,10 +394,15 @@ bool MonitorStream::sendFrame(Image *image, struct timeval *timestamp) { img_buffer_size = send_image->Size(); break; case STREAM_ZIP : +#if HAVE_ZLIB_H fputs("Content-Type: image/x-rgbz\r\n",stdout); unsigned long zip_buffer_size; send_image->Zip(img_buffer, &zip_buffer_size); img_buffer_size = zip_buffer_size; +#else + Error("zlib is required for zipped images. Falling back to raw image"); + type = STREAM_RAW; +#endif // HAVE_ZLIB_H break; default : Error("Unexpected frame type %d", type); @@ -794,6 +799,8 @@ void MonitorStream::SingleImageRaw( int scale ) { fwrite( snap_image->Buffer(), snap_image->Size(), 1, stdout ); } + +#ifdef HAVE_ZLIB_H void MonitorStream::SingleImageZip( int scale ) { unsigned long img_buffer_size = 0; static Bytef img_buffer[ZM_MAX_IMAGE_SIZE]; @@ -816,3 +823,4 @@ void MonitorStream::SingleImageZip( int scale ) { fprintf( stdout, "Content-Type: image/x-rgbz\r\n\r\n" ); fwrite( img_buffer, img_buffer_size, 1, stdout ); } +#endif // HAVE_ZLIB_H diff --git a/src/zm_monitorstream.h b/src/zm_monitorstream.h index f3351d3b7..e120331af 100644 --- a/src/zm_monitorstream.h +++ b/src/zm_monitorstream.h @@ -55,7 +55,9 @@ class MonitorStream : public StreamBase { void processCommand( const CmdMsg *msg ); void SingleImage( int scale=100 ); void SingleImageRaw( int scale=100 ); +#ifdef HAVE_ZLIB_H void SingleImageZip( int scale=100 ); +#endif public: MonitorStream() : From eb005e8b9c33e6bdba8b1796393eebf3ea3fdaad Mon Sep 17 00:00:00 2001 From: Mitch Capper Date: Thu, 16 May 2019 12:37:03 -0700 Subject: [PATCH 081/360] FIFO support for zoneminder zone debugging (#2594) Adds fifo options for diagnostic images for much lower impact diagnostics mode. Diagnostic images are only written when there is a client listening for them (otherwise they are skipped). Also added a json stream for the detection data so you can see in real time the pixels or blobs detected for the motion. This allows for easy real time stream of both delta and reference images (as video streams) along with the detection numbers. --- .../lib/ZoneMinder/ConfigData.pm.in | 10 +- src/CMakeLists.txt | 2 +- src/zm_fifo.cpp | 247 ++++++++++++++++++ src/zm_fifo.h | 61 +++++ src/zm_image.cpp | 57 +++- src/zm_image.h | 3 + src/zm_jpeg.cpp | 7 + src/zm_jpeg.h | 2 + src/zm_monitor.cpp | 13 +- src/zm_zone.cpp | 27 +- src/zma.cpp | 2 + src/zms.cpp | 10 +- 12 files changed, 419 insertions(+), 22 deletions(-) create mode 100644 src/zm_fifo.cpp create mode 100644 src/zm_fifo.h diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index 4d96f11db..495e53d29 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -3945,7 +3945,15 @@ our @options = ( help => q`This will affect how long a session will be valid for since the last request. Keeping this short helps prevent session hijacking. Keeping it long allows you to stay logged in longer without refreshing the view.`, type => $types{integer}, category => 'system', - } + }, + { + name => 'ZM_RECORD_DIAG_IMAGES_FIFO', + default => 'no', + description => ' Recording intermediate alarm diagnostic use fifo instead of files (faster)', + help => 'This tries to lessen the load of recording diag images by sending them to a memory FIFO pipe instead of creating each file.', + type => $types{boolean}, + category => 'logging', + }, ); our %options_hash = map { ( $_->{name}, $_ ) } @options; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index e7e3157eb..e27c36d6a 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -4,7 +4,7 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) # Group together all the source files that are used by all the binaries (zmc, zma, zmu, zms etc) -set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp) +set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_fifo.cpp zm_storage.cpp) # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES}) diff --git a/src/zm_fifo.cpp b/src/zm_fifo.cpp new file mode 100644 index 000000000..538b696fa --- /dev/null +++ b/src/zm_fifo.cpp @@ -0,0 +1,247 @@ +#include +#include +#include +#include +#include +#include + +#include "zm.h" +#include "zm_db.h" +#include "zm_time.h" +#include "zm_mpeg.h" +#include "zm_signal.h" +#include "zm_monitor.h" +#include "zm_fifo.h" +#define RAW_BUFFER 512 +static bool zm_fifodbg_inited = false; +FILE *zm_fifodbg_log_fd = 0; +char zm_fifodbg_log[PATH_MAX] = ""; + +static bool zmFifoDbgOpen(){ + if (zm_fifodbg_log_fd) + fclose(zm_fifodbg_log_fd); + zm_fifodbg_log_fd = NULL; + signal(SIGPIPE, SIG_IGN); + FifoStream::fifo_create_if_missing(zm_fifodbg_log); + int fd = open(zm_fifodbg_log,O_WRONLY|O_NONBLOCK|O_TRUNC); + if (fd < 0) + return ( false ); + int res = flock(fd,LOCK_EX | LOCK_NB); + if (res < 0) + { + close(fd); + return ( false ); + } + zm_fifodbg_log_fd = fdopen(fd,"wb"); + if (zm_fifodbg_log_fd == NULL) + { + close(fd); + return ( false ); + } + return ( true ); +} +int zmFifoDbgInit(Monitor *monitor){ + zm_fifodbg_inited = true; + snprintf( zm_fifodbg_log, sizeof(zm_fifodbg_log), "%s/%d/dbgpipe.log", monitor->getStorage()->Path(), monitor->Id() ); + zmFifoDbgOpen(); + return 1; +} +void zmFifoDbgOutput( int hex, const char * const file, const int line, const int level, const char *fstring, ... ){ + char dbg_string[8192]; + va_list arg_ptr; + if (! zm_fifodbg_inited) + return; + if (! zm_fifodbg_log_fd && ! zmFifoDbgOpen()) + return; + + char *dbg_ptr = dbg_string; + va_start( arg_ptr, fstring ); + if ( hex ) + { + unsigned char *data = va_arg( arg_ptr, unsigned char * ); + int len = va_arg( arg_ptr, int ); + int i; + dbg_ptr += snprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), "%d:", len ); + for ( i = 0; i < len; i++ ) + { + dbg_ptr += snprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), " %02x", data[i] ); + } + } + else + { + dbg_ptr += vsnprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), fstring, arg_ptr ); + } + va_end(arg_ptr); + strncpy( dbg_ptr++, "\n", 1); + int res = fwrite( dbg_string, dbg_ptr-dbg_string, 1, zm_fifodbg_log_fd ); + if (res != 1){ + fclose(zm_fifodbg_log_fd); + zm_fifodbg_log_fd = NULL; + } + else + { + fflush(zm_fifodbg_log_fd); + } +} +bool FifoStream::sendRAWFrames(){ + static unsigned char buffer[RAW_BUFFER]; + int fd = open(stream_path,O_RDONLY); + if (fd < 0) + { + Error( "Can't open %s: %s", stream_path, strerror(errno)); + return( false ); + } + while( (bytes_read = read(fd,buffer,RAW_BUFFER)) ) + { + if (bytes_read == 0) + continue; + if (bytes_read < 0) + { + Error( "Problem during reading: %s", strerror(errno)); + close(fd); + return( false ); + } + if ( fwrite( buffer, bytes_read, 1, stdout ) != 1){ + Error( "Problem during writing: %s", strerror(errno)); + close(fd); + return( false ); + } + fflush( stdout ); + } + close(fd); + return ( true ); +} + +void FifoStream::file_create_if_missing(const char * path, bool is_fifo,bool delete_fake_fifo){ + static struct stat st; + if(stat(path,&st) == 0){ + + if (! is_fifo || S_ISFIFO(st.st_mode) || ! delete_fake_fifo) + return; + Debug(5, "Supposed to be a fifo pipe but isn't, unlinking: %s", path); + unlink(path); + } + int fd; + if (! is_fifo){ + Debug(5, "Creating non fifo file as requested: %s", path); + fd = open(path,O_CREAT|O_WRONLY,S_IRUSR|S_IWUSR); + close(fd); + return; + } + Debug(5, "Making fifo file of: %s", path); + mkfifo(path,S_IRUSR|S_IWUSR); +} +void FifoStream::fifo_create_if_missing(const char * path, bool delete_fake_fifo){ + file_create_if_missing(path,true,delete_fake_fifo); +} +bool FifoStream::sendMJEGFrames(){ + static unsigned char buffer[ZM_MAX_IMAGE_SIZE]; + int fd = open(stream_path,O_RDONLY); + if (fd < 0) + { + Error( "Can't open %s: %s", stream_path, strerror(errno)); + return( false ); + } + total_read = 0; + while( (bytes_read = read(fd,buffer+total_read,ZM_MAX_IMAGE_SIZE-total_read)) ) + { + if (bytes_read < 0) + { + Error( "Problem during reading: %s", strerror(errno)); + close(fd); + return( false ); + } + total_read+=bytes_read; + } + close(fd); + if (total_read == 0) + return( true ); + if (frame_count%frame_mod != 0) + return (true ); + if (fprintf( stdout, "--ZoneMinderFrame\r\n" ) < 0 ) + { + Error( "Problem during writing: %s", strerror(errno)); + return( false ); + } + + fprintf( stdout, "Content-Type: image/jpeg\r\n" ); + fprintf( stdout, "Content-Length: %d\r\n\r\n", total_read ); + if ( fwrite( buffer, total_read, 1, stdout ) != 1){ + Error( "Problem during reading: %s", strerror(errno)); + return( false ); + } + fprintf( stdout, "\r\n\r\n" ); + fflush( stdout); + last_frame_sent = TV_2_FLOAT( now ); + frame_count++; + return( true ); +} + +void FifoStream::setStreamStart( const char * path ){ + stream_path = strdup(path); +} +void FifoStream::setStreamStart( int monitor_id, const char * format ){ + char diag_path[PATH_MAX]; + const char * filename; + Monitor * monitor = Monitor::Load(monitor_id, false, Monitor::QUERY); + + if (! strcmp(format,"reference") ) + { + stream_type = MJPEG; + filename = "diagpipe-r.jpg"; + } + else if (! strcmp(format,"delta")) + { + filename = "diagpipe-d.jpg"; + stream_type = MJPEG; + } + else + { + stream_type = RAW; + filename = "dbgpipe.log"; + } + + snprintf( diag_path, sizeof(diag_path), "%s/%d/%s", monitor->getStorage()->Path(), monitor->Id(), filename ); + setStreamStart(diag_path); +} +void FifoStream::runStream(){ + if (stream_type == MJPEG) + fprintf( stdout, "Content-Type: multipart/x-mixed-replace;boundary=ZoneMinderFrame\r\n\r\n" ); + else + fprintf( stdout, "Content-Type: text/html\r\n\r\n" ); + + char lock_file[PATH_MAX]; + strcpy(lock_file,stream_path); + strcat(lock_file,".rlock"); + file_create_if_missing(lock_file,false); + int fd_lock = open(lock_file,O_RDONLY); + if (fd_lock < 0) + { + Error( "Can't open %s: %s", lock_file, strerror(errno)); + return; + } + int res = flock(fd_lock,LOCK_EX | LOCK_NB); + if (res < 0) + { + Error( "Flocking problem on %s: - %s", lock_file, strerror(errno) ); + close(fd_lock); + return; + } + + while( !zm_terminate ) + { + gettimeofday( &now, NULL ); + checkCommandQueue(); + if (stream_type == MJPEG) + { + if (! sendMJEGFrames()) + zm_terminate = true; + } + else + { + if (! sendRAWFrames()) + zm_terminate = true; + } + } + close(fd_lock); +} diff --git a/src/zm_fifo.h b/src/zm_fifo.h new file mode 100644 index 000000000..8d1b1ae8c --- /dev/null +++ b/src/zm_fifo.h @@ -0,0 +1,61 @@ +#ifndef ZM_FIFO_H +#define ZM_FIFO_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "zm.h" +#include "zm_image.h" +#include "zm_monitor.h" +#include "zm_stream.h" + + +#define zmFifoDbgPrintf(level,params...) {\ + zmFifoDbgOutput( 0, __FILE__, __LINE__, level, ##params );\ + } + +#ifndef ZM_DBG_OFF +#define FifoDebug(level,params...) zmFifoDbgPrintf(level,##params) +#else +#define FifoDebug(level,params...) +#endif +void zmFifoDbgOutput( int hex, const char * const file, const int line, const int level, const char *fstring, ... ) __attribute__ ((format(printf, 5, 6))); +int zmFifoDbgInit(Monitor * monitor); + +class FifoStream : public StreamBase +{ + +private: + char * stream_path; + int fd; + int total_read; + int bytes_read; + unsigned int frame_count; + static void file_create_if_missing(const char * path, bool is_fifo, bool delete_fake_fifo=true); + +protected: + typedef enum { MJPEG, RAW } StreamType; + StreamType stream_type; + bool sendMJEGFrames( ); + bool sendRAWFrames( ); + void processCommand( const CmdMsg *msg ) {}; + +public: + FifoStream(){ + + + } + static void fifo_create_if_missing(const char * path,bool delete_fake_fifo=true); + void setStreamStart( const char * path ); + void setStreamStart( int monitor_id, const char * format ); + + void runStream(); +}; +#endif diff --git a/src/zm_image.cpp b/src/zm_image.cpp index e58e40342..12c3da86e 100644 --- a/src/zm_image.cpp +++ b/src/zm_image.cpp @@ -24,6 +24,7 @@ #include "zm_rgb.h" #include "zm_ffmpeg.h" +#include #include #include @@ -957,7 +958,7 @@ cinfo->out_color_space = JCS_RGB; return( true ); } -// Multiple calling formats to permit inclusion (or not) of both quality_override and timestamp (exif), with suitable defaults. +// Multiple calling formats to permit inclusion (or not) of non blocking, quality_override and timestamp (exif), with suitable defaults. // Note quality=zero means default bool Image::WriteJpeg(const char *filename, int quality_override) const { @@ -966,33 +967,71 @@ bool Image::WriteJpeg(const char *filename, int quality_override) const { bool Image::WriteJpeg(const char *filename) const { return Image::WriteJpeg(filename, 0, (timeval){0,0}); } +bool Image::WriteJpeg(const char *filename, bool on_blocking_abort) const { + return Image::WriteJpeg(filename, 0, (timeval){0,0}, on_blocking_abort); +} bool Image::WriteJpeg(const char *filename, struct timeval timestamp) const { return Image::WriteJpeg(filename, 0, timestamp); } bool Image::WriteJpeg(const char *filename, int quality_override, struct timeval timestamp) const { + return Image::WriteJpeg(filename, quality_override, timestamp, false); +} +bool Image::WriteJpeg(const char *filename, int quality_override, struct timeval timestamp, bool on_blocking_abort) const { if ( config.colour_jpeg_files && colours == ZM_COLOUR_GRAY8 ) { Image temp_image(*this); temp_image.Colourise(ZM_COLOUR_RGB24, ZM_SUBPIX_ORDER_RGB); - return temp_image.WriteJpeg(filename, quality_override, timestamp); + return temp_image.WriteJpeg(filename, quality_override, timestamp, on_blocking_abort); } int quality = quality_override?quality_override:config.jpeg_file_quality; struct jpeg_compress_struct *cinfo = writejpg_ccinfo[quality]; + FILE *outfile =NULL; + static int raw_fd = 0; + bool need_create_comp = false; + raw_fd = 0; if ( !cinfo ) { cinfo = writejpg_ccinfo[quality] = new jpeg_compress_struct; cinfo->err = jpeg_std_error( &jpg_err.pub ); - jpg_err.pub.error_exit = zm_jpeg_error_exit; - jpg_err.pub.emit_message = zm_jpeg_emit_message; jpeg_create_compress( cinfo ); + need_create_comp=true; + } + if (! on_blocking_abort) { + jpg_err.pub.error_exit = zm_jpeg_error_exit; + jpg_err.pub.emit_message = zm_jpeg_emit_message; + } else { + jpg_err.pub.error_exit = zm_jpeg_error_silent; + jpg_err.pub.emit_message = zm_jpeg_emit_silence; + if (setjmp( jpg_err.setjmp_buffer ) ) { + jpeg_abort_compress( cinfo ); + Debug( 5, "Aborted a write mid-stream and %s and %d", (outfile == NULL) ? "closing file" : "file not opened", raw_fd ); + if (raw_fd) + close(raw_fd); + if (outfile) + fclose( outfile ); + return ( false ); + } + } + if (need_create_comp) + jpeg_create_compress( cinfo ); + + if (! on_blocking_abort) { + if ( (outfile = fopen(filename, "wb")) == NULL ) { + Error( "Can't open %s for writing: %s", filename, strerror(errno) ); + return false; + } + } else { + raw_fd = open(filename,O_WRONLY|O_NONBLOCK|O_CREAT|O_TRUNC,S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + if (raw_fd < 0) + return ( false ); + outfile = fdopen(raw_fd,"wb"); + if (outfile == NULL) { + close(raw_fd); + return( false ); + } } - FILE *outfile; - if ( (outfile = fopen(filename, "wb")) == NULL ) { - Error("Can't open %s: %s", filename, strerror(errno)); - return false; - } jpeg_stdio_dest( cinfo, outfile ); cinfo->image_width = width; /* image width and height, in pixels */ diff --git a/src/zm_image.h b/src/zm_image.h index 7133d0e35..d90d7c358 100644 --- a/src/zm_image.h +++ b/src/zm_image.h @@ -218,9 +218,12 @@ public: bool ReadJpeg( const char *filename, unsigned int p_colours, unsigned int p_subpixelorder); bool WriteJpeg ( const char *filename) const; + bool WriteJpeg ( const char *filename, bool on_blocking_abort) const; bool WriteJpeg ( const char *filename, int quality_override ) const; bool WriteJpeg ( const char *filename, struct timeval timestamp ) const; bool WriteJpeg ( const char *filename, int quality_override, struct timeval timestamp ) const; + bool WriteJpeg ( const char *filename, int quality_override, struct timeval timestamp, bool on_blocking_abort ) const; + bool DecodeJpeg( const JOCTET *inbuffer, int inbuffer_size, unsigned int p_colours, unsigned int p_subpixelorder); bool EncodeJpeg( JOCTET *outbuffer, int *outbuffer_size, int quality_override=0 ) const; diff --git a/src/zm_jpeg.cpp b/src/zm_jpeg.cpp index cddf086c5..8e8899227 100644 --- a/src/zm_jpeg.cpp +++ b/src/zm_jpeg.cpp @@ -30,6 +30,13 @@ extern "C" static int jpeg_err_count = 0; +void zm_jpeg_error_silent( j_common_ptr cinfo ){ + zm_error_ptr zmerr = (zm_error_ptr)cinfo->err; + longjmp( zmerr->setjmp_buffer, 1 ); +} +void zm_jpeg_emit_silence( j_common_ptr cinfo, int msg_level ){ +} + void zm_jpeg_error_exit( j_common_ptr cinfo ) { static char buffer[JMSG_LENGTH_MAX]; diff --git a/src/zm_jpeg.h b/src/zm_jpeg.h index d0348dd3e..f0b4a355c 100644 --- a/src/zm_jpeg.h +++ b/src/zm_jpeg.h @@ -38,6 +38,8 @@ struct zm_error_mgr typedef struct zm_error_mgr *zm_error_ptr; +void zm_jpeg_error_silent( j_common_ptr cinfo ); +void zm_jpeg_emit_silence( j_common_ptr cinfo, int msg_level ); void zm_jpeg_error_exit( j_common_ptr cinfo ); void zm_jpeg_emit_message( j_common_ptr cinfo, int msg_level ); diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 2987d08f2..99416b658 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -44,6 +44,7 @@ #if HAVE_LIBAVFORMAT #include "zm_ffmpeg_camera.h" #endif // HAVE_LIBAVFORMAT +#include "zm_fifo.h" #if HAVE_LIBVLC #include "zm_libvlc_camera.h" #endif // HAVE_LIBVLC @@ -517,8 +518,12 @@ Monitor::Monitor( ReloadLinkedMonitors(p_linked_monitors); if ( config.record_diag_images ) { - diag_path_r = stringtf("%s/%d/diag-r.jpg", storage->Path(), id); - diag_path_d = stringtf("%s/%d/diag-d.jpg", storage->Path(), id); + diag_path_r = stringtf(config.record_diag_images_fifo ? "%s/%d/diagpipe-r.jpg" : "%s/%d/diag-r.jpg", storage->Path(), id); + diag_path_d = stringtf(config.record_diag_images_fifo ? "%s/%d/diagpipe-d.jpg" : "%s/%d/diag-d.jpg", storage->Path(), id); + if (config.record_diag_images_fifo){ + FifoStream::fifo_create_if_missing(diag_path_r.c_str()); + FifoStream::fifo_create_if_missing(diag_path_d.c_str()); + } } } // end if purpose == ANALYSIS @@ -2614,8 +2619,8 @@ unsigned int Monitor::DetectMotion(const Image &comp_image, Event::StringSet &zo ref_image.Delta(comp_image, &delta_image); if ( config.record_diag_images ) { - ref_image.WriteJpeg(diag_path_r.c_str()); - delta_image.WriteJpeg(diag_path_d.c_str()); + ref_image.WriteJpeg(diag_path_r.c_str(), config.record_diag_images_fifo); + delta_image.WriteJpeg(diag_path_d.c_str(), config.record_diag_images_fifo); } // Blank out all exclusion zones diff --git a/src/zm_zone.cpp b/src/zm_zone.cpp index 6d4ae15e3..de2f8003d 100644 --- a/src/zm_zone.cpp +++ b/src/zm_zone.cpp @@ -24,6 +24,7 @@ #include "zm_zone.h" #include "zm_image.h" #include "zm_monitor.h" +#include "zm_fifo.h" void Zone::Setup( @@ -112,8 +113,10 @@ void Zone::Setup( } if ( config.record_diag_images ) { - snprintf(diag_path, sizeof(diag_path), "%s/diag-%d-poly.jpg", monitor->getStorage()->Path(), id); - pg_image->WriteJpeg(diag_path); + snprintf(diag_path, sizeof(diag_path), config.record_diag_images_fifo ? "%s/diagpipe-%d-poly.jpg" : "%s/diag-%d-poly.jpg", monitor->getStorage()->Path(), id); + if (config.record_diag_images_fifo) + FifoStream::fifo_create_if_missing(diag_path); + pg_image->WriteJpeg(diag_path, config.record_diag_images_fifo); } else { diag_path[0] = 0; } @@ -232,7 +235,7 @@ bool Zone::CheckAlarms(const Image *delta_image) { std_alarmedpixels(diff_image, pg_image, &alarm_pixels, &pixel_diff_count); if ( config.record_diag_images ) - diff_image->WriteJpeg(diag_path); + diff_image->WriteJpeg(diag_path, config.record_diag_images_fifo); if ( pixel_diff_count && alarm_pixels ) pixel_diff = pixel_diff_count/alarm_pixels; @@ -240,6 +243,10 @@ bool Zone::CheckAlarms(const Image *delta_image) { Debug(5, "Got %d alarmed pixels, need %d -> %d, avg pixel diff %d", alarm_pixels, min_alarm_pixels, max_alarm_pixels, pixel_diff); + if (config.record_diag_images_fifo) + FifoDebug( 5, "{\"zone\":%d,\"type\":\"ALRM\",\"pixels\":%d,\"avg_diff\":%d}", id,alarm_pixels, pixel_diff ); + + if ( alarm_pixels ) { if ( min_alarm_pixels && (alarm_pixels < (unsigned int)min_alarm_pixels) ) { /* Not enough pixels alarmed */ @@ -316,11 +323,14 @@ bool Zone::CheckAlarms(const Image *delta_image) { } if ( config.record_diag_images ) - diff_image->WriteJpeg(diag_path); + diff_image->WriteJpeg(diag_path, config.record_diag_images_fifo); Debug(5, "Got %d filtered pixels, need %d -> %d", alarm_filter_pixels, min_filter_pixels, max_filter_pixels); + if (config.record_diag_images_fifo) + FifoDebug( 5, "{\"zone\":%d,\"type\":\"FILT\",\"pixels\":%d}", id, alarm_filter_pixels ); + if ( alarm_filter_pixels ) { if ( min_filter_pixels && (alarm_filter_pixels < min_filter_pixels) ) { /* Not enough pixels alarmed */ @@ -542,7 +552,7 @@ bool Zone::CheckAlarms(const Image *delta_image) { } } if ( config.record_diag_images ) - diff_image->WriteJpeg(diag_path); + diff_image->WriteJpeg(diag_path, config.record_diag_images_fifo); if ( !alarm_blobs ) { return false; @@ -551,6 +561,9 @@ bool Zone::CheckAlarms(const Image *delta_image) { Debug(5, "Got %d raw blob pixels, %d raw blobs, need %d -> %d, %d -> %d", alarm_blob_pixels, alarm_blobs, min_blob_pixels, max_blob_pixels, min_blobs, max_blobs); + if (config.record_diag_images_fifo) + FifoDebug( 5, "{\"zone\":%d,\"type\":\"RBLB\",\"pixels\":%d,\"blobs\":%d}", id, alarm_blob_pixels, alarm_blobs ); + // Now eliminate blobs under the threshold for ( int i = 1; i < WHITE; i++ ) { BlobStats *bs = &blob_stats[i]; @@ -587,10 +600,12 @@ bool Zone::CheckAlarms(const Image *delta_image) { } // end if bs_count } // end for i < WHITE if ( config.record_diag_images ) - diff_image->WriteJpeg(diag_path); + diff_image->WriteJpeg(diag_path, config.record_diag_images_fifo); Debug(5, "Got %d blob pixels, %d blobs, need %d -> %d, %d -> %d", alarm_blob_pixels, alarm_blobs, min_blob_pixels, max_blob_pixels, min_blobs, max_blobs); + if (config.record_diag_images_fifo) + FifoDebug( 5, "{\"zone\":%d,\"type\":\"FBLB\",\"pixels\":%d,\"blobs\":%d}", id, alarm_blob_pixels, alarm_blobs ); if ( alarm_blobs ) { if ( min_blobs && (alarm_blobs < min_blobs) ) { diff --git a/src/zma.cpp b/src/zma.cpp index 33dedbe54..a0cb048bf 100644 --- a/src/zma.cpp +++ b/src/zma.cpp @@ -56,6 +56,7 @@ behind. #include "zm_db.h" #include "zm_signal.h" #include "zm_monitor.h" +#include "zm_fifo.h" void Usage() { fprintf(stderr, "zma -m \n"); @@ -129,6 +130,7 @@ int main( int argc, char *argv[] ) { hwcaps_detect(); Monitor *monitor = Monitor::Load(id, true, Monitor::ANALYSIS); + zmFifoDbgInit( monitor ); if ( monitor ) { Info("In mode %d/%d, warming up", monitor->GetFunction(), monitor->Enabled()); diff --git a/src/zms.cpp b/src/zms.cpp index 0a3712938..6042dbef3 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -28,6 +28,7 @@ #include "zm_monitor.h" #include "zm_monitorstream.h" #include "zm_eventstream.h" +#include "zm_fifo.h" bool ValidateAccess( User *user, int mon_id ) { bool allowed = true; @@ -54,7 +55,7 @@ int main( int argc, const char *argv[] ) { srand( getpid() * time( 0 ) ); - enum { ZMS_UNKNOWN, ZMS_MONITOR, ZMS_EVENT } source = ZMS_UNKNOWN; + enum { ZMS_UNKNOWN, ZMS_MONITOR, ZMS_EVENT, ZMS_FIFO } source = ZMS_UNKNOWN; enum { ZMS_JPEG, ZMS_MPEG, ZMS_RAW, ZMS_ZIP, ZMS_SINGLE } mode = ZMS_JPEG; char format[32] = ""; int monitor_id = 0; @@ -110,6 +111,8 @@ int main( int argc, const char *argv[] ) { value = (char *)""; if ( !strcmp(name, "source") ) { source = !strcmp(value, "event")?ZMS_EVENT:ZMS_MONITOR; + if (! strcmp( value,"fifo") ) + source = ZMS_FIFO; } else if ( !strcmp(name, "mode") ) { mode = !strcmp(value, "jpeg")?ZMS_JPEG:ZMS_MPEG; mode = !strcmp(value, "raw")?ZMS_RAW:mode; @@ -274,6 +277,11 @@ int main( int argc, const char *argv[] ) { #endif // HAVE_LIBAVCODEC } stream.runStream(); + } else if (source == ZMS_FIFO ) { + FifoStream stream; + stream.setStreamMaxFPS( maxfps ); + stream.setStreamStart( monitor_id, format ); + stream.runStream(); } else if ( source == ZMS_EVENT ) { if ( ! event_id ) { Fatal( "Can't view an event without specifying an event_id." ); From 96f578f1bde6330e15dc8b5a497477956945452c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 16 May 2019 15:37:37 -0400 Subject: [PATCH 082/360] If running a custom run state, show the state instead of Running. Also select the running state in the state change popup. (#2604) --- web/skins/classic/includes/functions.php | 13 ++++++++++--- web/skins/classic/views/state.php | 4 +++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index 2d71b2397..40bf18b30 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -233,7 +233,12 @@ function getNavBarHTML($reload = null) { ob_start(); if ( $running == null ) $running = daemonCheck(); - $status = $running?translate('Running'):translate('Stopped'); + if ( $running ) { + $state = dbFetchOne('SELECT Name FROM States WHERE isActive=1', 'Name'); + if ( $state == 'default' ) + $state = ''; + } + $status = $running ? ($state ? $state : translate('Running')) : translate('Stopped'); ?>
@@ -244,7 +249,9 @@ function getNavBarHTML($reload = null) { -
+
+ +
diff --git a/web/skins/classic/views/state.php b/web/skins/classic/views/state.php index dead5ebf5..12180000d 100644 --- a/web/skins/classic/views/state.php +++ b/web/skins/classic/views/state.php @@ -54,7 +54,9 @@ if ( $running ) { $states = dbFetchAll('SELECT * FROM States'); foreach ( $states as $state ) { ?> - + From 06eb9a3bb2d61349b131856b755e773fb9a1de54 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Thu, 16 May 2019 16:15:16 -0400 Subject: [PATCH 083/360] merge typo --- src/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ba1894a6c..3628a4944 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -4,7 +4,6 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) # Group together all the source files that are used by all the binaries (zmc, zma, zmu, zms etc) -<<<<<<< HEAD set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp zm_fifo.cpp zm_crypt.cpp) From 17e0b4ac4b12a57cfa0e458c63210e5fb3126ce8 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 17 May 2019 08:34:19 -0400 Subject: [PATCH 084/360] test for error code from db creation and if there is an error, die with an error code. --- distros/debian/postinst | 4 ++++ distros/ubuntu1204/zoneminder.postinst | 4 ++++ distros/ubuntu1604/zoneminder.postinst | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/distros/debian/postinst b/distros/debian/postinst index 3cd3fd277..36472436a 100644 --- a/distros/debian/postinst +++ b/distros/debian/postinst @@ -31,6 +31,10 @@ if [ "$1" = "configure" ]; then # test if database if already present... if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables, alter,select,insert,update,delete,create,index on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else diff --git a/distros/ubuntu1204/zoneminder.postinst b/distros/ubuntu1204/zoneminder.postinst index ef715375b..603786ff6 100644 --- a/distros/ubuntu1204/zoneminder.postinst +++ b/distros/ubuntu1204/zoneminder.postinst @@ -34,6 +34,10 @@ if [ "$1" = "configure" ]; then # test if database if already present... if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables, alter,drop,select,insert,update,delete,create,index,alter routine,create routine, trigger,execute on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else diff --git a/distros/ubuntu1604/zoneminder.postinst b/distros/ubuntu1604/zoneminder.postinst index ffde50283..d3983950b 100644 --- a/distros/ubuntu1604/zoneminder.postinst +++ b/distros/ubuntu1604/zoneminder.postinst @@ -56,6 +56,10 @@ if [ "$1" = "configure" ]; then if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then echo "Creating zm db" cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables,alter,drop,select,insert,update,delete,create,index,alter routine,create routine, trigger,execute on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else From 923f798e69f3fe31eb4e5c964ff774594a319309 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 17 May 2019 09:32:23 -0400 Subject: [PATCH 085/360] css classess for text that disappear --- web/lang/en_gb.php | 1 + web/skins/classic/css/base/skin.css | 43 +++++++++++++++++++++++++++++ web/skins/classic/views/options.php | 7 ++--- 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 9dfa2860c..1fdd112e0 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -102,6 +102,7 @@ $SLANG = array( 'AlarmRGBUnset' => 'You must set an alarm RGB colour', 'Alert' => 'Alert', 'All' => 'All', + 'AllTokensRevoked' => 'All Tokens Revoked', 'AnalysisFPS' => 'Analysis FPS', 'AnalysisUpdateDelay' => 'Analysis Update Delay', 'API' => 'API', diff --git a/web/skins/classic/css/base/skin.css b/web/skins/classic/css/base/skin.css index 069952d40..99692bff6 100644 --- a/web/skins/classic/css/base/skin.css +++ b/web/skins/classic/css/base/skin.css @@ -350,10 +350,53 @@ fieldset > legend { .alert, .warnText, .warning, .disabledText { color: #ffa801; } + + .alarm, .errorText, .error { color: #ff3f34; } +.timedErrorBox { + color:white; + background:#e74c3c; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +/* + the timed classed auto disappear after 5s +*/ +.timedWarningBox { + color:white; + background:#e67e22; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +.timedSuccessBox { + color:white; + background:#27ae60; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +@keyframes inAndOut { + 0% {opacity:0;} + 10% {opacity:1;} + 90% {opacity:1;} + 100% {opacity:0;} +} + + .fakelink { color: #7f7fb2; cursor: pointer; diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index c0b437855..fa6a1fe61 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -330,7 +330,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI { $minTokenTime = time(); dbQuery ('UPDATE Users SET TokenMinExpiry=?', array ($minTokenTime)); - echo "All Tokens Revoked"; + echo "translate('AllTokensRevoked')"; } function updateSelected() @@ -338,14 +338,13 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI dbQuery("UPDATE Users SET APIEnabled=0"); foreach( $_REQUEST["tokenUids"] as $markUid ) { $minTime = time(); - // echo "UPDATE Users SET TokenMinExpiry=".$minTime." WHERE Id=".$markUid."
"; dbQuery('UPDATE Users SET TokenMinExpiry=? WHERE Id=?', array($minTime, $markUid)); } foreach( $_REQUEST["apiUids"] as $markUid ) { dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); - // echo "UPDATE Users SET APIEnabled=1"." WHERE Id=".$markUid."
"; + } - echo "Updated"; + echo "translate('Updated'); } if(array_key_exists('revokeAllTokens',$_POST)){ From a4eff3e8e098acf995969f3359939bca00b368e1 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 17 May 2019 09:44:22 -0400 Subject: [PATCH 086/360] fixed html typo --- web/skins/classic/views/options.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index fa6a1fe61..b0ac2af1b 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -330,7 +330,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI { $minTokenTime = time(); dbQuery ('UPDATE Users SET TokenMinExpiry=?', array ($minTokenTime)); - echo "translate('AllTokensRevoked')"; + echo "".translate('AllTokensRevoked').""; } function updateSelected() @@ -344,7 +344,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); } - echo "translate('Updated'); + echo "".translate('Updated').""; } if(array_key_exists('revokeAllTokens',$_POST)){ From e9ff1f46f1c2acba092bfb26d1e4a2d3f6c55f7c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 17 May 2019 11:13:45 -0400 Subject: [PATCH 087/360] Add missing deps to ubuntu versions of control --- distros/ubuntu1204/control | 7 ++++++- distros/ubuntu1604/control | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index f1756c5e8..779140a00 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -23,6 +23,8 @@ Build-Depends: debhelper (>= 9), python-sphinx | python3-sphinx, apache2-dev, dh ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl, libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -64,7 +66,10 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl - , libsys-cpu-perl, libsys-meminfo-perl + ,libsys-cpu-perl, libsys-meminfo-perl + ,libssl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl + Recommends: ${misc:Recommends} ,libapache2-mod-php5 | php5-fpm ,mysql-server | virtual-mysql-server diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index 415f54c9f..6accba9d8 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -30,6 +30,8 @@ Build-Depends: debhelper (>= 9), dh-systemd, python-sphinx | python3-sphinx, apa ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl, libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -76,6 +78,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libpcre3 + ,libssl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl + Recommends: ${misc:Recommends} ,libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm ,mysql-server | mariadb-server | virtual-mysql-server From e2dd11fdd4f42a0431f58f33c30396c9c53c08fa Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 17 May 2019 11:21:07 -0400 Subject: [PATCH 088/360] added deps to ubuntu control files --- distros/ubuntu1204/control | 10 ++++++++-- distros/ubuntu1604/control | 4 ++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index f1756c5e8..fdf9c186e 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -23,6 +23,8 @@ Build-Depends: debhelper (>= 9), python-sphinx | python3-sphinx, apache2-dev, dh ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl, libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -63,8 +65,12 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,policykit-1 ,rsyslog | system-log-daemon ,zip - ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl - , libsys-cpu-perl, libsys-meminfo-perl + ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl + ,libio-socket-multicast-perl, libdigest-sha-perl + ,libsys-cpu-perl, libsys-meminfo-perl + ,libssl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl + Recommends: ${misc:Recommends} ,libapache2-mod-php5 | php5-fpm ,mysql-server | virtual-mysql-server diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index 415f54c9f..bfabd3ad3 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -30,6 +30,8 @@ Build-Depends: debhelper (>= 9), dh-systemd, python-sphinx | python3-sphinx, apa ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl, libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -76,6 +78,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libpcre3 + ,libssl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl Recommends: ${misc:Recommends} ,libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm ,mysql-server | mariadb-server | virtual-mysql-server From 682d95470d73e6154c25971839122d457dab5577 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 17 May 2019 11:47:20 -0400 Subject: [PATCH 089/360] spaces --- distros/ubuntu1204/control | 6 ++++-- distros/ubuntu1604/control | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index fdf9c186e..d80cbc67a 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -24,7 +24,8 @@ Build-Depends: debhelper (>= 9), python-sphinx | python3-sphinx, apache2-dev, dh ,libwww-perl ,libdata-uuid-perl ,libssl-dev - ,libcrypt-eksblowfish-perl, libdata-entropy-perl + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -69,7 +70,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,libio-socket-multicast-perl, libdigest-sha-perl ,libsys-cpu-perl, libsys-meminfo-perl ,libssl - ,libcrypt-eksblowfish-perl, libdata-entropy-perl + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl Recommends: ${misc:Recommends} ,libapache2-mod-php5 | php5-fpm diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index bfabd3ad3..d07104100 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -31,7 +31,8 @@ Build-Depends: debhelper (>= 9), dh-systemd, python-sphinx | python3-sphinx, apa ,libwww-perl ,libdata-uuid-perl ,libssl-dev - ,libcrypt-eksblowfish-perl, libdata-entropy-perl + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -79,7 +80,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,zip ,libpcre3 ,libssl - ,libcrypt-eksblowfish-perl, libdata-entropy-perl + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl Recommends: ${misc:Recommends} ,libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm ,mysql-server | mariadb-server | virtual-mysql-server From 304192472d74bfb2c280a7e340d2f0a07290b21a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 17 May 2019 12:02:24 -0400 Subject: [PATCH 090/360] removed extra line --- distros/ubuntu1204/control | 1 - 1 file changed, 1 deletion(-) diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index d80cbc67a..1dc8a2b38 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -72,7 +72,6 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,libssl ,libcrypt-eksblowfish-perl ,libdata-entropy-perl - Recommends: ${misc:Recommends} ,libapache2-mod-php5 | php5-fpm ,mysql-server | virtual-mysql-server From 8e1037458ae675579c6e0b7efc6b0b1c9611530e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 18 May 2019 11:23:16 -0400 Subject: [PATCH 091/360] when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist --- web/api/app/Controller/HostController.php | 19 +++++++++++++++---- web/includes/auth.php | 4 ++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 9ff4e7c76..d6827c491 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -49,7 +49,7 @@ class HostController extends AppController { $cred = $this->_getCredentials(true); // generate refresh } else { - $cred = $this->_getCredentials(false); // don't generate refresh + $cred = $this->_getCredentials(false, $mToken); // don't generate refresh } $login_array = array ( @@ -114,7 +114,7 @@ class HostController extends AppController { } } - private function _getCredentials($generate_refresh_token=false) { + private function _getCredentials($generate_refresh_token=false, $mToken='') { $credentials = ''; $this->loadModel('Config'); @@ -127,6 +127,17 @@ class HostController extends AppController { throw new ForbiddenException(__('Please create a valid AUTH_HASH_SECRET in ZoneMinder')); } + if ($mToken) { + // If we have a token, we need to derive username from there + $ret = validateToken($mToken, 'refresh'); + $mUser = $ret[0]['Username']; + + } else { + $mUser = $_SESSION['username']; + } + + ZM\Info("Creating token for \"$mUser\""); + /* we won't support AUTH_HASH_IPS in token mode reasons: a) counter-intuitive for mobile consumers @@ -149,7 +160,7 @@ class HostController extends AppController { "iss" => "ZoneMinder", "iat" => $access_issued_at, "exp" => $access_expire_at, - "user" => $_SESSION['username'], + "user" => $mUser, "type" => "access" ); @@ -167,7 +178,7 @@ class HostController extends AppController { "iss" => "ZoneMinder", "iat" => $refresh_issued_at, "exp" => $refresh_expire_at, - "user" => $_SESSION['username'], + "user" => $mUser, "type" => "refresh" ); $jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256'); diff --git a/web/includes/auth.php b/web/includes/auth.php index 33d2b3fb6..3b823004c 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -244,7 +244,7 @@ function validateToken ($token, $allowed_token_type='access') { $minIssuedAt = $saved_user_details['TokenMinExpiry']; if ($issuedAt < $minIssuedAt) { - ZM\Error ("Token revoked for $username. Please generate a new token"); + ZM\Error ("Token revoked for \"$username\". Please generate a new token"); $_SESSION['loginFailed'] = true; unset($user); return array(false, "Token revoked. Please re-generate"); @@ -253,7 +253,7 @@ function validateToken ($token, $allowed_token_type='access') { $user = $saved_user_details; return array($user, "OK"); } else { - ZM\Error ("Could not retrieve user $username details"); + ZM\Error ("Could not retrieve user \"$username\" details"); $_SESSION['loginFailed'] = true; unset($user); return array(false, "No such user/credentials"); From 33db7e1e35944668f3a5b9db9b424d6f4fd2967a Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 18 May 2019 13:47:31 -0400 Subject: [PATCH 092/360] add libssl1.0.0 for ubuntu 16/12 --- distros/ubuntu1204/control | 2 +- distros/ubuntu1604/control | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index 1dc8a2b38..9e54e2aa3 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -69,7 +69,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl ,libio-socket-multicast-perl, libdigest-sha-perl ,libsys-cpu-perl, libsys-meminfo-perl - ,libssl + ,libssl | libssl1.0.0 ,libcrypt-eksblowfish-perl ,libdata-entropy-perl Recommends: ${misc:Recommends} diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index d07104100..30451f7e1 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -79,7 +79,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libpcre3 - ,libssl + ,libssl | libssl1.0.0 ,libcrypt-eksblowfish-perl ,libdata-entropy-perl Recommends: ${misc:Recommends} From 036d47545f6b22fb1c0139ff55f97080fd3d039f Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 18 May 2019 19:35:13 -0400 Subject: [PATCH 093/360] small API fixes --- docs/api.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index d60847d92..2b96bb397 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -85,7 +85,7 @@ Or for API 2.0: Using these keys with subsequent requests ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you should now supply that credential to subsequent API calls like this: +Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you should now supply that key to subsequent API calls like this: :: @@ -108,7 +108,7 @@ Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you shou Key lifetime (v1.0) ^^^^^^^^^^^^^^^^^^^^^ -If you are using the old ``auth_hash`` mechanism present in v1.0, then the credentials will time out based on PHP session timeout. This is often confusing and sometime causes additional issues due to the fact that the old method also includes timestamps in its hash. +If you are using the old credentials mechanism present in v1.0, then the credentials will time out based on PHP session timeout (if you are using cookies), or the value of ``AUTH_HASH_TTL`` which defaults to 2 hours. Note that there is no way to look at the hash and decipher how much time is remaining. So it is your responsibility to record the time you got the hash and assume it was generated at the time you got it and re-login before that time expires. Key lifetime (v2.0) ^^^^^^^^^^^^^^^^^^^^^^ From ddd02ec10df4b91905d8785262cf3897104b72ce Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 19 May 2019 07:29:27 -0400 Subject: [PATCH 094/360] clean up of API, remove redundant sections --- docs/api.rst | 162 ++++++++++++++++----------------------------------- 1 file changed, 49 insertions(+), 113 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index 2b96bb397..177678977 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -40,14 +40,14 @@ For v2.0 APIs, you have an additional option right below it - ``OPT_USE_LEGACY_A Enabling secret key ^^^^^^^^^^^^^^^^^^^ -* It is important that you create a "Secret Key". This needs to be a set of hard to guess characters, that only you know. ZoneMinder does not create a key for you. It is your responsibility to create it. If you haven't created one already, please do so by going to ``Options->Systems`` and populating ``AUTH_HASH_SECRET``. Don't forget to save. +* It is **important** that you create a "Secret Key". This needs to be a set of hard to guess characters, that only you know. ZoneMinder does not create a key for you. It is your responsibility to create it. If you haven't created one already, please do so by going to ``Options->Systems`` and populating ``AUTH_HASH_SECRET``. Don't forget to save. * If you plan on using V2.0 token based security, **it is mandatory to populate this secret key**, as it is used to sign the token. If you don't, token authentication will fail. V1.0 did not mandate this requirement. -Getting API key +Getting an API key ^^^^^^^^^^^^^^^^^^^^^^^ -To get API key: +To get an API key: :: @@ -91,29 +91,34 @@ Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you shou # RECOMMENDED: v2.0 token based curl -XPOST https://yourserver/zm/api/monitors.json&token= - # or + + # or # v1.0 or 2.0 based API access (will only work if AUTH_HASH_LOGINS is enabled) curl -XPOST -d "auth=" https://yourserver/zm/api/monitors.json + # or + curl -XGET https://yourserver/zm/api/monitors.json&auth= + # or, if you specified -c cookies.txt in the original login request + curl -b cookies.txt -XGET https://yourserver/zm/api/monitors.json .. NOTE:: - ZoneMinder's API layer allows API keys to be encoded either as a querty parameter or as a data payload. If you don't pass keys, you could use cookies (not recommended as a general approach) + ZoneMinder's API layer allows API keys to be encoded either as a query parameter or as a data payload. If you don't pass keys, you could use cookies (not recommended as a general approach) Key lifetime (v1.0) ^^^^^^^^^^^^^^^^^^^^^ -If you are using the old credentials mechanism present in v1.0, then the credentials will time out based on PHP session timeout (if you are using cookies), or the value of ``AUTH_HASH_TTL`` which defaults to 2 hours. Note that there is no way to look at the hash and decipher how much time is remaining. So it is your responsibility to record the time you got the hash and assume it was generated at the time you got it and re-login before that time expires. +If you are using the old credentials mechanism present in v1.0, then the credentials will time out based on PHP session timeout (if you are using cookies), or the value of ``AUTH_HASH_TTL`` (if you are using ``auth=`` and have enabled ``AUTH_HASH_LOGINS``) which defaults to 2 hours. Note that there is no way to look at the hash and decipher how much time is remaining. So it is your responsibility to record the time you got the hash and assume it was generated at the time you got it and re-login before that time expires. Key lifetime (v2.0) ^^^^^^^^^^^^^^^^^^^^^^ -In version 2.0, it is very easy to know when a key will expire. You can find that out from the ``access_token_expires`` and ``refresh_token_exipres`` values (in seconds). You should refresh the keys before the timeout occurs, or you will not be able to use the APIs. +In version 2.0, it is easy to know when a key will expire before you use it. You can find that out from the ``access_token_expires`` and ``refresh_token_exipres`` values (in seconds) after you decode the JWT key (there are JWT decode libraries for every language you want). You should refresh the keys before the timeout occurs, or you will not be able to use the APIs. Understanding access/refresh tokens (v2.0) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -128,7 +133,7 @@ If you are using V2.0, then you need to know how to use these tokens effectively **To Summarize:** * Pass your ``username`` and ``password`` to ``login.json`` only once in 24 hours to renew your tokens -* Pass your "refresh token" to ``login.json`` once an hour to renew your ``access token`` +* Pass your "refresh token" to ``login.json`` once in two hours (or whatever you have set the value of ``AUTH_HASH_TTL`` to) to renew your ``access token`` * Use your ``access token`` for all API invocations. In fact, V2.0 will reject your request (if it is not to ``login.json``) if it comes with a refresh token instead of an access token to discourage usage of this token when it should not be used. @@ -138,7 +143,7 @@ This minimizes the amount of sensitive data that is sent over the wire and the l Understanding key security ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Version 1.0 uses an MD5 hash to generate the credentials. The hash is computed over your secret key (if avaiable), username, password and some time parameters (along with remote IP if enabled). This is not a secure/recommended hashing mechanism. If your auth hash is compromised, an attacker will be able to use your hash till it expires. To avoid this, you could disable the user in ZoneMinder. +* Version 1.0 uses an MD5 hash to generate the credentials. The hash is computed over your secret key (if available), username, password and some time parameters (along with remote IP if enabled). This is not a secure/recommended hashing mechanism. If your auth hash is compromised, an attacker will be able to use your hash till it expires. To avoid this, you could disable the user in ZoneMinder. Furthermore, enabling remote IP (``AUTH_HASH_REMOTE_IP``) requires that you issue future requests from the same IP that generated the tokens. While this may be considered an additional layer for security, this can cause issues with mobile devices. * Version 2.0 uses a different approach. The hash is a simple base64 encoded form of "claims", but signed with your secret key. Consider for example, the following access key: @@ -160,10 +165,10 @@ If you were to use any `JWT token verifier `__ it can easily dec Invalid Signature -Don't be surprised. JWT tokens are not meant to be encrypted. It is just an assertion of a claim. It states that the issuer of this token was ZoneMinder, +Don't be surprised. JWT tokens, by default, are `not meant to be encrypted `__. It is just an assertion of a claim. It states that the issuer of this token was ZoneMinder, It was issued at (iat) Wednesday, 2019-05-15 17:19:12 UTC and will expire on (exp) Wednesday, 2019-05-15 18:19:12 UTC. This token claims to be owned by an admin and is an access token. If your token were to be stolen, this information is available to the person who stole it. Note that there are no sensitive details like passwords in this claim. -However, that person will **not** have your secret key as part of this token and therefore, will NOT be able to create a new JWT token to get, say, a refresh token. They will however, be able to use your access token to access resources just like the auth hash above, till the access token expires (1hr). To revoke this token, you don't need to disable the user. Go to ``Options->API`` and tap on "Revoke All Access Tokens". This will invalidate the token immediately (this option will invalidate all tokens for all users, and new ones will need to be generated). +However, that person will **not** have your secret key as part of this token and therefore, will NOT be able to create a new JWT token to get, say, a refresh token. They will however, be able to use your access token to access resources just like the auth hash above, till the access token expires (2 hrs). To revoke this token, you don't need to disable the user. Go to ``Options->API`` and tap on "Revoke All Access Tokens". This will invalidate the token immediately (this option will invalidate all tokens for all users, and new ones will need to be generated). Over time, we will provide you with more fine grained access to these options. @@ -175,105 +180,12 @@ Over time, we will provide you with more fine grained access to these options. * If you believe your tokens are compromised, revoke them, but also check if your attacker has compromised more than you think (example, they may also have your username/password or access to your system via other exploits, in which case they can regenerate as many tokens/credentials as they want). - .. NOTE:: Subsequent sections don't explicitly callout the key addition to APIs. We assume that you will append the correct keys as per our explanation above. - -Logout APIs -^^^^^^^^^^^^^^ -The APIs tie into ZoneMinder's existing security model. This means if you have -OPT_AUTH enabled, you need to log into ZoneMinder using the same browser you plan to -use the APIs from. If you are developing an app that relies on the API, you need -to do a POST login from the app into ZoneMinder before you can access the API. - -Then, you need to re-use the authentication information of the login (returned as cookie states) -with subsequent APIs for the authentication information to flow through to the APIs. - -This means if you plan to use cuRL to experiment with these APIs, you first need to login: - -**Login process for ZoneMinder v1.32.0 and above** - -:: - - curl -XPOST -d "user=XXXX&pass=YYYY" -c cookies.txt http://yourzmip/zm/api/host/login.json - -Staring ZM 1.32.0, you also have a `logout` API that basically clears your session. It looks like this: - -:: - - curl -b cookies.txt http://yourzmip/zm/api/host/logout.json - - -**Login process for older versions of ZoneMinder** - -:: - - curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt http://yourzmip/zm/index.php - -The equivalent logout process for older versions of ZoneMinder is: - -:: - - curl -XPOST -d "username=XXXX&password=YYYY&action=logout&view=console" -b cookies.txt http://yourzmip/zm/index.php - -replacing *XXXX* and *YYYY* with your username and password, respectively. - -Please make sure you do this in a directory where you have write permissions, otherwise cookies.txt will not be created -and the command will silently fail. - - -What the "-c cookies.txt" does is store a cookie state reflecting that you have logged into ZM. You now need -to apply that cookie state to all subsequent APIs. You do that by using a '-b cookies.txt' to subsequent APIs if you are -using CuRL like so: - -:: - - curl -b cookies.txt http://yourzmip/zm/api/monitors.json - -This would return a list of monitors and pass on the authentication information to the ZM API layer. - -A deeper dive into the login process -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -As you might have seen above, there are two ways to login, one that uses the `login.json` API and the other that logs in using the ZM portal. If you are running ZoneMinder 1.32.0 and above, it is *strongly* recommended you use the `login.json` approach. The "old" approach will still work but is not as powerful as the API based login. Here are the reasons why: - - * The "old" approach basically uses the same login webpage (`index.php`) that a user would log into when viewing the ZM console. This is not really using an API and more importantly, if you have additional components like reCAPTCHA enabled, this will not work. Using the API approach is much cleaner and will work irrespective of reCAPTCHA - - * The new login API returns important information that you can use to stream videos as well, right after login. Consider for example, a typical response to the login API (`/login.json`): - -:: - - { - "credentials": "auth=f5b9cf48693fe8552503c8ABCD5", - "append_password": 0, - "version": "1.31.44", - "apiversion": "1.0" - } - -In this example I have `OPT_AUTH` enabled in ZoneMinder and it returns my credential key. You can then use this key to stream images like so: - -:: - - - -Where `authval` is the credentials returned to start streaming videos. - -The `append_password` field will contain 1 when it is necessary for you to append your ZM password. This is the case when you set `AUTH_RELAY` in ZM options to "plain", for example. In that case, the `credentials` field may contain something like `&user=admin&pass=` and you have to add your password to that string. - - -.. NOTE:: It is recommended you invoke the `login` API once every 60 minutes to make sure the session stays alive. The same is true if you use the old login method too. - - - -Examples (please read security notice above) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Please remember, if you are using authentication, please add a ``-b cookies.txt`` to each of the commands below if you are using -CuRL. If you are not using CuRL and writing your own app, you need to make sure you pass on cookies to subsequent requests -in your app. - +Examples +^^^^^^^^^ (In all examples, replace 'server' with IP or hostname & port where ZoneMinder is running) @@ -500,6 +412,15 @@ This returns number of events per monitor that were recorded in the last day whe +Return sorted events +^^^^^^^^^^^^^^^^^^^^^^ + +This returns a list of events within a time range and also sorts it by descending order + +:: + + curl -XGET "http://server/zm/api/events/index/StartTime%20>=:2015-05-15%2018:43:56/EndTime%20<=:208:43:56.json?sort=StartTime&direction=desc" + Configuration Apis ^^^^^^^^^^^^^^^^^^^ @@ -674,6 +595,9 @@ Returns: This only works if you have a multiserver setup in place. If you don't it will return an empty array. +Other APIs +^^^^^^^^^^ +This is not a complete list. ZM supports more parameters/APIs. A good way to dive in is to look at the `API code `__ directly. Streaming Interface ^^^^^^^^^^^^^^^^^^^ @@ -690,9 +614,13 @@ For example: :: + + + # or + - #or - + + will display a live feed from monitor id 1, scaled down by 50% in quality and resized to 640x480px. @@ -728,10 +656,13 @@ Similar to live playback, if you have chosen to store events in JPEG mode, you c :: - - #or + # or + + + + * This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system * This will playback event 293820, starting from frame 1 as an MJPEG stream @@ -741,12 +672,16 @@ Similar to live playback, if you have chosen to store events in JPEG mode, you c If instead, you have chosen to use the MP4 (Video) storage mode for events, you can directly play back the saved video file: :: + - - #or -* This will play back the video recording for event 294690 + # or + + + + +This above will play back the video recording for event 294690 What other parameters are supported? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -757,6 +692,7 @@ are generated. Change and observe. Further Reading ^^^^^^^^^^^^^^^^ + As described earlier, treat this document as an "introduction" to the important parts of the API and streaming interfaces. There are several details that haven't yet been documented. Till they are, here are some resources: From bdbbab0d3e516aa90ceab0ffdcc18a1a9f9eb0df Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 21 May 2019 17:15:08 -0400 Subject: [PATCH 095/360] Handle no results from get_ProbeMatch() --- scripts/ZoneMinder/lib/ZoneMinder/ONVIF.pm.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ONVIF.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ONVIF.pm.in index 9ce556beb..056801d9c 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ONVIF.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ONVIF.pm.in @@ -112,21 +112,23 @@ sub interpret_messages { my @results; foreach my $response ( @responses ) { - if($verbose) { + if ( $verbose ) { print "Received message:\n" . $response . "\n"; } my $result = deserialize_message($svc_discover, $response); - if(not $result) { + if ( not $result ) { print "Error deserializing message. No message returned from deserializer.\n" if $verbose; next; } my $xaddr; - foreach my $l_xaddr (split ' ', $result->get_ProbeMatch()->get_XAddrs()) { + my $probe_match = $result->get_ProbeMatch(); + next if ! $probe_match; + foreach my $l_xaddr (split ' ', $probe_match->get_XAddrs()) { # find IPv4 address print "l_xaddr = $l_xaddr\n" if $verbose; - if($l_xaddr =~ m|//[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]|) { + if ( $l_xaddr =~ m|//[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]| ) { $xaddr = $l_xaddr; last; } else { From 6dd1bbe895b47025dddc877e8e9179f3da01056b Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Thu, 23 May 2019 13:52:54 -0400 Subject: [PATCH 096/360] moved to ZM fork for bcrypt --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index f5bcf359d..b64d78997 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,7 +7,7 @@ url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git [submodule "third_party/bcrypt"] path = third_party/bcrypt - url = https://github.com/pliablepixels/libbcrypt + url = https://github.com/ZoneMinder/libbcrypt [submodule "third_party/jwt-cpp"] path = third_party/jwt-cpp url = https://github.com/Thalhammer/jwt-cpp From bc9116dd94a99d445dae8a95d66495022cb57b1f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 May 2019 14:27:17 -0400 Subject: [PATCH 097/360] whitespace and google code style --- web/includes/auth.php | 103 ++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 58 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 3b823004c..a3d3e35de 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -26,25 +26,21 @@ use \Firebase\JWT\JWT; // this function migrates mysql hashing to bcrypt, if you are using PHP >= 5.5 // will be called after successful login, only if mysql hashing is detected function migrateHash($user, $pass) { - if (function_exists('password_hash')) { - ZM\Info ("Migrating $user to bcrypt scheme"); + if ( function_exists('password_hash') ) { + ZM\Info("Migrating $user to bcrypt scheme"); // let it generate its own salt, and ensure bcrypt as PASSWORD_DEFAULT may change later // we can modify this later to support argon2 etc as switch to its own password signature detection $bcrypt_hash = password_hash($pass, PASSWORD_BCRYPT); //ZM\Info ("hased bcrypt $pass is $bcrypt_hash"); $update_password_sql = 'UPDATE Users SET Password=\''.$bcrypt_hash.'\' WHERE Username=\''.$user.'\''; - ZM\Info ($update_password_sql); + ZM\Info($update_password_sql); dbQuery($update_password_sql); - } - else { - - ZM\Info ('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.3'); + } else { + ZM\Info('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.3'); return; } - } - // core function used to login a user to PHP. Is also used for cake sessions for the API function userLogin($username='', $password='', $passwordHashed=false, $apiLogin = false) { @@ -58,7 +54,7 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin // if true, a popup will display after login // lets validate reCaptcha if it exists // this only applies if it userLogin was not called from API layer - if (!$apiLogin + if ( !$apiLogin && defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') @@ -73,17 +69,17 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $res = do_post_request($url, http_build_query($fields)); - $responseData = json_decode($res,true); + $responseData = json_decode($res, true); // credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php // if recaptcha resulted in error, we might have to deny login - if ( isset($responseData['success']) && $responseData['success'] == false ) { + if ( isset($responseData['success']) && ($responseData['success'] == false) ) { // PP - before we deny auth, let's make sure the error was not 'invalid secret' // because that means the user did not configure the secret key correctly // in this case, we prefer to let him login in and display a message to correct // the key. Unfortunately, there is no way to check for invalid site key in code // as it produces the same error as when you don't answer a recaptcha if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) { - if ( !in_array('invalid-input-secret',$responseData['error-codes']) ) { + if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) { Error('reCaptcha authentication failed'); return null; } else { @@ -102,18 +98,18 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin // First retrieve the stored password // and move password hashing to application space - $saved_user_details = dbFetchOne ($sql, NULL, $sql_values); + $saved_user_details = dbFetchOne($sql, NULL, $sql_values); $password_correct = false; $password_type = NULL; - if ($saved_user_details) { + if ( $saved_user_details ) { // if the API layer asked us to login, make sure the user // has API enabled (admin may have banned API for this user) - if ($apiLogin) { - if ($saved_user_details['APIEnabled'] != 1) { - ZM\Error ("API disabled for: $username"); + if ( $apiLogin ) { + if ( $saved_user_details['APIEnabled'] != 1 ) { + ZM\Error("API disabled for: $username"); $_SESSION['loginFailed'] = true; unset($user); return false; @@ -121,45 +117,39 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin } $saved_password = $saved_user_details['Password']; - if ($saved_password[0] == '*') { + if ( $saved_password[0] == '*' ) { // We assume we don't need to support mysql < 4.1 // Starting MY SQL 4.1, mysql concats a '*' in front of its password hash // https://blog.pythian.com/hashing-algorithm-in-mysql-password-2/ - ZM\Logger::Debug ('Saved password is using MYSQL password function'); - $input_password_hash ='*'.strtoupper(sha1(sha1($password, true))); + ZM\Logger::Debug('Saved password is using MYSQL password function'); + $input_password_hash = '*'.strtoupper(sha1(sha1($password, true))); $password_correct = ($saved_password == $input_password_hash); $password_type = 'mysql'; - } - elseif (preg_match('/^\$2[ayb]\$.+$/', $saved_password)) { + } else if ( preg_match('/^\$2[ayb]\$.+$/', $saved_password) ) { ZM\Logger::Debug('bcrypt signature found, assumed bcrypt password'); - $password_type='bcrypt'; - $password_correct = $passwordHashed? ($password == $saved_password) : password_verify($password, $saved_password); + $password_type = 'bcrypt'; + $password_correct = $passwordHashed ? ($password == $saved_password) : password_verify($password, $saved_password); } // zmupdate.pl adds a '-ZM-' prefix to overlay encrypted passwords // this is done so that we don't spend cycles doing two bcrypt password_verify calls // for every wrong password entered. This will only be invoked for passwords zmupdate.pl has // overlay hashed - elseif (substr($saved_password, 0,4) == '-ZM-') { + else if ( substr($saved_password, 0,4) == '-ZM-' ) { ZM\Logger::Debug("Detected bcrypt overlay hashing for $username"); - ZM\Info("Detected bcrypt overlay hashing for $username"); - $bcrypt_hash = substr ($saved_password, 4); - $mysql_encoded_password ='*'.strtoupper(sha1(sha1($password, true))); + $bcrypt_hash = substr($saved_password, 4); + $mysql_encoded_password = '*'.strtoupper(sha1(sha1($password, true))); ZM\Logger::Debug("Comparing password $mysql_encoded_password to bcrypt hash: $bcrypt_hash"); - ZM\Info("Comparing password $mysql_encoded_password to bcrypt hash: $bcrypt_hash"); $password_correct = password_verify($mysql_encoded_password, $bcrypt_hash); - $password_type = "mysql"; // so we can migrate later down - - } - else { - // we really should nag the user not to use plain - ZM\Warning ('assuming plain text password as signature is not known. Please do not use plain, it is very insecure'); - $password_type = 'plain'; - $password_correct = ($saved_password == $password); - + $password_type = 'mysql'; // so we can migrate later down + } else { + // we really should nag the user not to use plain + ZM\Warning ('assuming plain text password as signature is not known. Please do not use plain, it is very insecure'); + $password_type = 'plain'; + $password_correct = ($saved_password == $password); } } else { - ZM\Error ("Could not retrieve user $username details"); + ZM\Error("Could not retrieve user $username details"); $_SESSION['loginFailed'] = true; unset($user); return false; @@ -172,10 +162,10 @@ function userLogin($username='', $password='', $passwordHashed=false, $apiLogin } $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking - if ($password_correct) { + if ( $password_correct ) { ZM\Info("Login successful for user \"$username\""); $user = $saved_user_details; - if ($password_type == 'mysql') { + if ( $password_type == 'mysql' ) { ZM\Info('Migrating password, if possible for future logins'); migrateHash($username, $password); } @@ -224,42 +214,41 @@ function validateToken ($token, $allowed_token_type='access') { $jwt_payload = json_decode(json_encode($decoded_token), true); $type = $jwt_payload['type']; - if ($type != $allowed_token_type) { - if ($allowed_token_type == 'access') { + if ( $type != $allowed_token_type ) { + if ( $allowed_token_type == 'access' ) { // give a hint that the user is not doing it right - ZM\Error ('Please do not use refresh tokens for this operation'); + ZM\Error('Please do not use refresh tokens for this operation'); } - return array (false, "Incorrect token type"); + return array (false, 'Incorrect token type'); } $username = $jwt_payload['user']; $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; $sql_values = array($username); - $saved_user_details = dbFetchOne ($sql, NULL, $sql_values); + $saved_user_details = dbFetchOne($sql, NULL, $sql_values); - if ($saved_user_details) { + if ( $saved_user_details ) { $issuedAt = $jwt_payload['iat']; $minIssuedAt = $saved_user_details['TokenMinExpiry']; - if ($issuedAt < $minIssuedAt) { - ZM\Error ("Token revoked for \"$username\". Please generate a new token"); + if ( $issuedAt < $minIssuedAt ) { + ZM\Error("Token revoked for $username. Please generate a new token"); $_SESSION['loginFailed'] = true; unset($user); - return array(false, "Token revoked. Please re-generate"); + return array(false, 'Token revoked. Please re-generate'); } $user = $saved_user_details; - return array($user, "OK"); + return array($user, 'OK'); } else { - ZM\Error ("Could not retrieve user \"$username\" details"); + ZM\Error("Could not retrieve user $username details"); $_SESSION['loginFailed'] = true; unset($user); - return array(false, "No such user/credentials"); + return array(false, 'No such user/credentials'); } - -} +} // end function validateToken($token, $allowed_token_type='access') function getAuthUser($auth) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { @@ -299,8 +288,6 @@ function getAuthUser($auth) { return false; } // end getAuthUser($auth) - - function generateAuthHash($useRemoteAddr, $force=false) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { $time = time(); From d5120f7506f6236ae4c97c4430f073652a196481 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 May 2019 14:30:45 -0400 Subject: [PATCH 098/360] regenerate auth hash if doing password migration --- web/includes/auth.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/includes/auth.php b/web/includes/auth.php index a3d3e35de..7b8ce062d 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -35,6 +35,8 @@ function migrateHash($user, $pass) { $update_password_sql = 'UPDATE Users SET Password=\''.$bcrypt_hash.'\' WHERE Username=\''.$user.'\''; ZM\Info($update_password_sql); dbQuery($update_password_sql); + # Since password field has changed, existing auth_hash is no longer valid + generateAuthHash(ZM_AUTH_HASH_IPS, true); } else { ZM\Info('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.3'); return; From 57708c016c96b330ce952a67d4e2a4f732d71ecb Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Thu, 23 May 2019 14:59:21 -0400 Subject: [PATCH 099/360] dont need AUTH HASH LOGIN to be on --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 7b8ce062d..367ccee74 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -376,7 +376,7 @@ if ( ZM_OPT_USE_AUTH ) { userLogin($_REQUEST['username'], $_REQUEST['password'], false); } - if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['token']) ) { + if (empty($user) && !empty($_REQUEST['token']) ) { $ret = validateToken($_REQUEST['token'], 'access'); $user = $ret[0]; From 883688a72d5dd66e5b581308cbcbd7a2f2e3f94a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 May 2019 15:15:37 -0400 Subject: [PATCH 100/360] Add auth hash verification to the user logged in already case --- web/includes/auth.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 7b8ce062d..dab570a19 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -356,9 +356,15 @@ if ( ZM_OPT_USE_AUTH ) { } if ( isset($_SESSION['username']) ) { - # Need to refresh permissions and validate that the user still exists - $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; - $user = dbFetchOne($sql, NULL, array($_SESSION['username'])); + if ( ZM_AUTH_HASH_LOGINS ) { + # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. + # This prevent session modification to switch users + $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']); + } else { + # Need to refresh permissions and validate that the user still exists + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; + $user = dbFetchOne($sql, NULL, array($_SESSION['username'])); + } } if ( ZM_AUTH_RELAY == 'plain' ) { @@ -368,7 +374,6 @@ if ( ZM_OPT_USE_AUTH ) { $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) { - if ( $authUser = getAuthUser($_REQUEST['auth']) ) { userLogin($authUser['Username'], $authUser['Password'], true); } From 3be0b774bdbc1b08e0420d27baaa67588b083df5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 May 2019 16:26:21 -0400 Subject: [PATCH 101/360] better error logging --- scripts/zmfilter.pl.in | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 9a290ccd8..82e2bfdbb 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -685,6 +685,8 @@ sub substituteTags { my $path = generateImage($Event, $first_alarm_frame); if ( -e $path ) { push @$attachments_ref, { type=>'image/jpeg', path=>$path }; + } else { + Warning("Path to first image does not exist at $path"); } } @@ -697,18 +699,20 @@ sub substituteTags { if ( -e $path ) { push @$attachments_ref, { type=>'image/jpeg', path=>$path }; } else { - Warning("No image for EIM"); + Warning("No image for EIM at $path"); } } } + if ( $text =~ s/%EI1A%//g ) { my $path = generateImage($Event, $first_alarm_frame, 'analyse'); if ( -e $path ) { push @$attachments_ref, { type=>'image/jpeg', path=>$path }; } else { - Warning("No image for EI1A"); + Warning("No image for EI1A at $path"); } } + if ( $text =~ s/%EIMA%//g ) { # Don't attach the same image twice if ( !@$attachments_ref @@ -718,10 +722,11 @@ sub substituteTags { if ( -e $path ) { push @$attachments_ref, { type=>'image/jpeg', path=>$path }; } else { - Warning('No image for EIMA'); + Warning("No image for EIMA at $path"); } } } + if ( $text =~ s/%EIMOD%//g ) { my $path = $Event->Path().'/objdetect.jpg'; if ( -e $path ) { From aa1264f4d2f68f9676e1f35d618074977980ca77 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 May 2019 16:26:40 -0400 Subject: [PATCH 102/360] fix missing ] --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 0a0028896..4adfe2112 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -359,7 +359,7 @@ if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS ) { # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. # This prevent session modification to switch users - $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']); + $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); } else { # Need to refresh permissions and validate that the user still exists $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; From 2fc7b3cf4d69e25fa68d190dd6b052d7fef94077 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 09:31:48 -0400 Subject: [PATCH 103/360] Don't allow deleting of in-progress recording --- web/includes/Event.php | 29 +++++++++++++++++++++++++++++ web/skins/classic/views/event.php | 6 +++--- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/web/includes/Event.php b/web/includes/Event.php index ba4f04e8c..07460a7ec 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -664,6 +664,35 @@ class Event { return 0; } # end public function file_size() + public function can_delete() { + if ( $this->Archived() ) { + Logger::Debug("Am archived, can't delete"); + return false; + } + if ( !$this->EndTime() ) { + Logger::Debug("No EndTime can't delete"); + return false; + } + if ( !canEdit('Events') ) { + Logger::Debug("No permission to edit events, can't delete"); + return false; + } + Logger::Debug("Can delete: archived: " . $this->Archived() . " endtime: " . $this->EndTime() ); + + return true; + } + + public function cant_delete_reason() { + if ( $this->Archived() ) { + return 'You cannot delete an archived event. Unarchive it first.'; + } else if ( ! $this->EndTime() ) { + return 'You cannot delete an event while it is being recorded. Wait for it to finish.'; + } else if ( ! canEdit('Events') ) { + return 'You do not have rights to edit Events.'; + } + return 'Unknown reason'; + } + } # end class ?> diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php index 7feed10df..b09f88acc 100644 --- a/web/skins/classic/views/event.php +++ b/web/skins/classic/views/event.php @@ -132,8 +132,8 @@ if ( ! $Event->Id() ) { Cause()) ?> StartTime() ) ) ?> Length().'s' ?> - ">Frames() ?>/AlarmFrames() ?> - ">TotScore() ?>/AvgScore() ?>/MaxScore() ?> + Frames() ?>/AlarmFrames() ?> + TotScore() ?>/AvgScore() ?>/MaxScore() ?> DiskSpace(null)) . ' on ' . $Event->Storage()->Name() ?>
@@ -146,7 +146,7 @@ if ( ! $Event->Id() ) { -
+
Archived == 1 ? ' class="hidden"' : '' ?>>
Archived == 0 ? ' class="hidden"' : '' ?>>
From 4e51379087258ceb2328ce6960e3ad58edf0cb35 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 10:00:15 -0400 Subject: [PATCH 104/360] spacing --- web/ajax/status.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/web/ajax/status.php b/web/ajax/status.php index f95f16c8c..804d8e278 100644 --- a/web/ajax/status.php +++ b/web/ajax/status.php @@ -193,7 +193,7 @@ function collectData() { $entitySpec = &$statusData[strtolower(validJsStr($_REQUEST['entity']))]; #print_r( $entitySpec ); if ( !canView( $entitySpec['permission'] ) ) - ajaxError( 'Unrecognised action or insufficient permissions' ); + ajaxError('Unrecognised action or insufficient permissions'); if ( !empty($entitySpec['func']) ) { $data = eval( 'return( '.$entitySpec['func']." );" ); @@ -398,9 +398,9 @@ function getNearEvents() { global $user, $sortColumn, $sortOrder; $eventId = $_REQUEST['id']; - $event = dbFetchOne( 'SELECT * FROM Events WHERE Id=?', NULL, array( $eventId ) ); + $event = dbFetchOne('SELECT * FROM Events WHERE Id=?', NULL, array($eventId)); - parseFilter( $_REQUEST['filter'] ); + parseFilter($_REQUEST['filter']); parseSort(); if ( $user['MonitorIds'] ) @@ -419,8 +419,8 @@ function getNearEvents() { $sql .= ', E.Id DESC'; } $sql .= ' LIMIT 1'; - $result = dbQuery( $sql ); - $prevEvent = dbFetchNext( $result ); + $result = dbQuery($sql); + $prevEvent = dbFetchNext($result); $sql = "SELECT E.Id AS Id, E.StartTime AS StartTime FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE $sortColumn ".($sortOrder=='asc'?'>=':'<=')." '".$event[$_REQUEST['sort_field']]."'".$_REQUEST['filter']['sql'].$midSql.' AND E.Id>'.$event['Id'] . " ORDER BY $sortColumn $sortOrder"; if ( $sortColumn != 'E.Id' ) { From c02eb2cd46f2a47ca3b3d81e09ef530cb83fb918 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 10:00:51 -0400 Subject: [PATCH 105/360] spacing --- web/ajax/stream.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/ajax/stream.php b/web/ajax/stream.php index 8d5348ca8..f37012e54 100644 --- a/web/ajax/stream.php +++ b/web/ajax/stream.php @@ -35,11 +35,11 @@ if ( sem_acquire($semaphore,1) !== false ) { $msg = pack( 'lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768 ); break; case CMD_ZOOMIN : - ZM\Logger::Debug( 'Zooming to '.$_REQUEST['x'].",".$_REQUEST['y'] ); + ZM\Logger::Debug( 'Zooming to '.$_REQUEST['x'].','.$_REQUEST['y'] ); $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); break; case CMD_PAN : - ZM\Logger::Debug( 'Panning to '.$_REQUEST['x'].",".$_REQUEST['y'] ); + ZM\Logger::Debug( 'Panning to '.$_REQUEST['x'].','.$_REQUEST['y'] ); $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); break; case CMD_SCALE : @@ -131,7 +131,7 @@ if ( sem_acquire($semaphore,1) !== false ) { $data['auth'] = generateAuthHash(ZM_AUTH_HASH_IPS); } } - ajaxResponse( array( 'status'=>$data ) ); + ajaxResponse(array('status'=>$data)); break; case MSG_DATA_EVENT : if ( version_compare( phpversion(), '5.6.0', '<') ) { @@ -158,16 +158,16 @@ if ( sem_acquire($semaphore,1) !== false ) { sem_release($semaphore); } else { ZM\Logger::Debug("Couldn't get semaphore"); - ajaxResponse( array() ); + ajaxResponse(array()); } ajaxError('Unrecognised action or insufficient permissions in ajax/stream'); function ajaxCleanup() { global $socket, $localSocketFile; - if ( !empty( $socket ) ) - @socket_close( $socket ); - if ( !empty( $localSocketFile ) ) - @unlink( $localSocketFile ); + if ( !empty($socket) ) + @socket_close($socket); + if ( !empty($localSocketFile) ) + @unlink($localSocketFile); } ?> From db9ba7eeabef3c8ced51716dce89909bd5fba58b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 10:02:15 -0400 Subject: [PATCH 106/360] Add StartDateTime and EndDateTime as Sort options. Fixes #2614 --- web/includes/functions.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/web/includes/functions.php b/web/includes/functions.php index 6b9231019..141dbfea6 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1050,9 +1050,15 @@ function parseSort( $saveToSession=false, $querySep='&' ) { case 'StartTime' : $sortColumn = 'E.StartTime'; break; + case 'StartDateTime' : + $sortColumn = 'E.StartTime'; + break; case 'EndTime' : $sortColumn = 'E.EndTime'; break; + case 'EndDateTime' : + $sortColumn = 'E.EndTime'; + break; case 'Length' : $sortColumn = 'E.Length'; break; From 0a8b7c24dbb39fd9be5bd1e6b4a24b7db55dac7a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 10:52:31 -0400 Subject: [PATCH 107/360] don't check for alarmed zones to record stats for unless we are alarmed --- src/zm_monitor.cpp | 53 +++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index b1a79ac4b..a33ed81e3 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1483,7 +1483,7 @@ bool Monitor::Analyse() { } // end if section_length } // end if event - if ( ! event ) { + if ( !event ) { // Create event event = new Event(this, *timestamp, "Continuous", noteSetMap, videoRecording); @@ -1557,16 +1557,16 @@ bool Monitor::Analyse() { if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { shared_data->state = state = ALARM; // lets construct alarm cause. It will contain cause + names of zones alarmed - std::string alarm_cause=""; - for ( int i=0; i < n_zones; i++) { - if (zones[i]->Alarmed()) { - alarm_cause = alarm_cause+ ","+ std::string(zones[i]->Label()); + std::string alarm_cause = ""; + for ( int i=0; i < n_zones; i++ ) { + if ( zones[i]->Alarmed() ) { + alarm_cause = alarm_cause + "," + std::string(zones[i]->Label()); } - } - if (!alarm_cause.empty()) alarm_cause[0]=' '; - alarm_cause = cause+alarm_cause; - strncpy(shared_data->alarm_cause,alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); - Info("%s: %03d - Gone into alarm state PreAlarmCount: %u > AlarmFrameCount:%u Cause:%s", + } + if ( !alarm_cause.empty() ) alarm_cause[0] = ' '; + alarm_cause = cause + alarm_cause; + strncpy(shared_data->alarm_cause,alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); + Info("%s: %03d - Gone into alarm state PreAlarmCount: %u > AlarmFrameCount:%u Cause:%s", name, image_count, Event::PreAlarmCount(), alarm_frame_count, shared_data->alarm_cause); if ( signal_change || (function != MOCORD && state != ALERT) ) { int pre_index; @@ -1633,7 +1633,7 @@ bool Monitor::Analyse() { pre_index = (pre_index + 1)%image_buffer_count; } } - event->AddFrames( pre_event_images, images, timestamps ); + event->AddFrames(pre_event_images, images, timestamps); } if ( alarm_frame_count ) { event->SavePreAlarmFrames(); @@ -1683,17 +1683,16 @@ bool Monitor::Analyse() { if ( state == PREALARM || state == ALARM ) { if ( config.create_analysis_images ) { bool got_anal_image = false; - alarm_image.Assign( *snap_image ); - for( int i = 0; i < n_zones; i++ ) { + alarm_image.Assign(*snap_image); + for ( int i = 0; i < n_zones; i++ ) { if ( zones[i]->Alarmed() ) { if ( zones[i]->AlarmImage() ) { alarm_image.Overlay(*(zones[i]->AlarmImage())); got_anal_image = true; } - if ( config.record_event_stats && state == ALARM ) { + if ( config.record_event_stats && (state == ALARM) ) zones[i]->RecordStats(event); - } - } + } // end if zone is alarmed } // end foreach zone if ( got_anal_image ) { @@ -1708,18 +1707,20 @@ bool Monitor::Analyse() { event->AddFrame(snap_image, *timestamp, score); } } else { - for ( int i = 0; i < n_zones; i++ ) { - if ( zones[i]->Alarmed() ) { - if ( config.record_event_stats && state == ALARM ) { - zones[i]->RecordStats(event); - } - } - } - if ( state == PREALARM ) + // Not doing alarm frame storage + if ( state == PREALARM ) { Event::AddPreAlarmFrame(snap_image, *timestamp, score); - else + } else { event->AddFrame(snap_image, *timestamp, score); - } + if ( config.record_event_stats ) { + for ( int i = 0; i < n_zones; i++ ) { + if ( zones[i]->Alarmed() ) + zones[i]->RecordStats(event); + } + } // end if config.record_event_stats + } + } // end if config.create_analysis_images + if ( event ) { if ( noteSetMap.size() > 0 ) event->updateNotes(noteSetMap); From 3dd5caebcae3626b77b0b61dc8958a21a012341b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 11:49:27 -0400 Subject: [PATCH 108/360] fix quotes and stop merging lines of options help. Change MaxFPS help to advise against setting a value --- web/lang/en_gb.php | 67 +++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 28 deletions(-) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index cb5037045..e84f0c0b4 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -966,43 +966,54 @@ function zmVlang( $langVarArray, $count ) // So for example, to override the help text for ZM_LANG_DEFAULT do $OLANG = array( 'OPTIONS_FFMPEG' => array( - 'Help' => "Parameters in this field are passed on to FFmpeg. Multiple parameters can be separated by ,~~ ". - "Examples (do not enter quotes)~~~~". - "\"allowed_media_types=video\" Set datatype to request fromcam (audio, video, data)~~~~". - "\"reorder_queue_size=nnn\" Set number of packets to buffer for handling of reordered packets~~~~". - "\"loglevel=debug\" Set verbosity of FFmpeg (quiet, panic, fatal, error, warning, info, verbose, debug)" + 'Help' => ' + Parameters in this field are passed on to FFmpeg. Multiple parameters can be separated by ,~~ + Examples (do not enter quotes)~~~~ + "allowed_media_types=video" Set datatype to request fromcam (audio, video, data)~~~~ + "reorder_queue_size=nnn" Set number of packets to buffer for handling of reordered packets~~~~ + "loglevel=debug" Set verbosity of FFmpeg (quiet, panic, fatal, error, warning, info, verbose, debug) + ' ), 'OPTIONS_RTSPTrans' => array( - 'Help' => "This sets the RTSP Transport Protocol for FFmpeg.~~ ". - "TCP - Use TCP (interleaving within the RTSP control channel) as transport protocol.~~". - "UDP - Use UDP as transport protocol. Higher resolution cameras have experienced some 'smearing' while using UDP, if so try TCP~~". - "UDP Multicast - Use UDP Multicast as transport protocol~~". - "HTTP - Use HTTP tunneling as transport protocol, which is useful for passing proxies.~~" + 'Help' => ' + This sets the RTSP Transport Protocol for FFmpeg.~~ + TCP - Use TCP (interleaving within the RTSP control channel) as transport protocol.~~ + UDP - Use UDP as transport protocol. Higher resolution cameras have experienced some \'smearing\' while using UDP, if so try TCP~~ + UDP Multicast - Use UDP Multicast as transport protocol~~ + HTTP - Use HTTP tunneling as transport protocol, which is useful for passing proxies.~~ + ' ), 'OPTIONS_LIBVLC' => array( - 'Help' => "Parameters in this field are passed on to libVLC. Multiple parameters can be separated by ,~~ ". - "Examples (do not enter quotes)~~~~". - "\"--rtp-client-port=nnn\" Set local port to use for rtp data~~~~". - "\"--verbose=2\" Set verbosity of libVLC" + 'Help' => ' + Parameters in this field are passed on to libVLC. Multiple parameters can be separated by ,~~ + Examples (do not enter quotes)~~~~ + "--rtp-client-port=nnn" Set local port to use for rtp data~~~~ + "--verbose=2" Set verbosity of libVLC + ' ), 'OPTIONS_EXIF' => array( - 'Help' => "Enable this option to embed EXIF data into each jpeg frame." + 'Help' => 'Enable this option to embed EXIF data into each jpeg frame.' ), 'OPTIONS_RTSPDESCRIBE' => array( - 'Help' => "Sometimes, during the initial RTSP handshake, the camera will send an updated media URL. ". - "Enable this option to tell ZoneMinder to use this URL. Disable this option to ignore the ". - "value from the camera and use the value as entered in the monitor configuration~~~~". - "Generally this should be enabled. However, there are cases where the camera can get its". - "own URL incorrect, such as when the camera is streaming through a firewall"), + 'Help' => ' + Sometimes, during the initial RTSP handshake, the camera will send an updated media URL. + Enable this option to tell ZoneMinder to use this URL. Disable this option to ignore the + value from the camera and use the value as entered in the monitor configuration~~~~ + Generally this should be enabled. However, there are cases where the camera can get its + own URL incorrect, such as when the camera is streaming through a firewall + ' + ), 'OPTIONS_MAXFPS' => array( - 'Help' => "This field has certain limitations when used for non-local devices.~~ ". - "Failure to adhere to these limitations will cause a delay in live video, irregular frame skipping, ". - "and missed events~~". - "For streaming IP cameras, do not use this field to reduce the frame rate. Set the frame rate in the". - " camera, instead. You can, however, use a value that is slightly higher than the frame rate in the camera. ". - "In this case, this helps keep the cpu from being overtaxed in the event of a network problem.~~". - "Some, mostly older, IP cameras support snapshot mode. In this case ZoneMinder is actively polling the camera ". - "for new images. In this case, it is safe to use the field." + 'Help' => ' + This field has certain limitations when used for non-local devices.~~ + Failure to adhere to these limitations will cause a delay in live video, irregular frame skipping, + and missed events~~ + For streaming IP cameras, do not use this field to reduce the frame rate. Set the frame rate in the + camera, instead. In the past it was advised to set a value higher than the frame rate of the camera + but this is no longer needed or a good idea. + Some, mostly older, IP cameras support snapshot mode. In this case ZoneMinder is actively polling the camera + for new images. In this case, it is safe to use the field. + ' ), // 'LANG_DEFAULT' => array( From b6747e9b1f53dc8e57f3e963238a43261faad066 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 11:49:59 -0400 Subject: [PATCH 109/360] spacing --- web/skins/classic/views/monitor.php | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 8f86cfc04..9ba688e2e 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -552,14 +552,14 @@ echo ' Triggers() ) { - foreach( explode( ',', $monitor->Triggers() ) as $newTrigger ) { + foreach( explode(',', $monitor->Triggers()) as $newTrigger ) { ?> Type()!= 'Local') ) { +if ( ZM_HAS_V4L && ($tab != 'source' || $monitor->Type() != 'Local') ) { ?> @@ -701,10 +701,10 @@ switch ( $tab ) { echo htmlSelect( 'newMonitor[StorageId]', $storage_areas, $monitor->StorageId() ); ?> - Type() ); ?> + Type()); ?> +  () - + Type() == 'Local' ) { -  () +  () Exif() ) { ?> checked="checked"/> Type() == 'Local' ) { - From 2eebdb094c58d199f066ac67fe63924187a45877 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 11:54:14 -0400 Subject: [PATCH 110/360] move chosen setup to initPage --- web/skins/classic/views/js/monitor.js | 1 + 1 file changed, 1 insertion(+) diff --git a/web/skins/classic/views/js/monitor.js b/web/skins/classic/views/js/monitor.js index ff57b774f..ec8017143 100644 --- a/web/skins/classic/views/js/monitor.js +++ b/web/skins/classic/views/js/monitor.js @@ -73,6 +73,7 @@ function initPage() { return false; } }); + $j('.chosen').chosen(); } // end function initPage() window.addEventListener('DOMContentLoaded', initPage); From e2d56597bf33f6fea9bd533c2a859c1d8c7a49f9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 12:40:02 -0400 Subject: [PATCH 111/360] Don't use an onlick inline js to show the caution text --- web/skins/classic/views/js/monitor.js | 25 ++++++++++++++++++++++++- web/skins/classic/views/monitor.php | 10 ++++++++-- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/web/skins/classic/views/js/monitor.js b/web/skins/classic/views/js/monitor.js index ec8017143..7456c8c1b 100644 --- a/web/skins/classic/views/js/monitor.js +++ b/web/skins/classic/views/js/monitor.js @@ -68,12 +68,35 @@ function initPage() { // Disable form submit on enter $j('#contentForm input').on('keyup keypress', function(e) { var keyCode = e.keyCode || e.which; - if (keyCode === 13) { + if ( keyCode == 13 ) { e.preventDefault(); return false; } }); + + document.querySelectorAll('input[name="newMonitor[MaxFPS]"]').forEach(function(el) { + el.oninput = el.onclick = function(e) { + if ( e.target.value ) { + console.log('showing'); + $j('#newMonitor\\[MaxFPS\\]').show(); + } else { + $j('#newMonitor\\[MaxFPS\\]').hide(); + } + }; + }); + document.querySelectorAll('input[name="newMonitor[AlarmMaxFPS]"]').forEach(function(el) { + el.oninput = el.onclick = function(e) { + if ( e.target.value ) { + console.log('showing'); + $j('#newMonitor\\[AlarmMaxFPS\\]').show(); + } else { + $j('#newMonitor\\[AlarmMaxFPS\\]').hide(); + } + }; + }); + $j('.chosen').chosen(); + } // end function initPage() window.addEventListener('DOMContentLoaded', initPage); diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 9ba688e2e..c70893778 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -745,11 +745,17 @@ echo htmlOptions(ZM\Group::get_dropdown_options( ), $monitor->GroupIds() ); ?>  () - + + + CAUTION: See the help text +  () - + + + CAUTION: See the help text + Date: Fri, 24 May 2019 13:45:48 -0400 Subject: [PATCH 112/360] Fix superfast playback after replay --- src/zm_eventstream.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index e69185858..a2dd02ac0 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -800,7 +800,7 @@ void EventStream::runStream() { // commands may set send_frame to true while ( checkCommandQueue() && !zm_terminate ) { // The idea is to loop here processing all commands before proceeding. - Debug(1, "Have command queue"); + Debug(1, "Have command queue"); } Debug(1, "Done command queue"); @@ -903,16 +903,18 @@ Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); if ( !paused ) { // +/- 1? What if we are skipping frames? curr_frame_id += (replay_rate>0) ? frame_mod : -1*frame_mod; + // sending the frame may have taken some time, so reload now + gettimeofday(&now, NULL); + uint64_t now_usec = (now.tv_sec * 1000000 + now.tv_usec); if ( (mode == MODE_SINGLE) && ((unsigned int)curr_frame_id == event_data->frame_count) ) { Debug(2, "Have mode==MODE_SINGLE and at end of event, looping back to start"); curr_frame_id = 1; + // Have to reset start_usec to now when replaying + start_usec = now_usec; } frame_data = &event_data->frames[curr_frame_id-1]; - // sending the frame may have taken some time, so reload now - gettimeofday(&now, NULL); - uint64_t now_usec = (now.tv_sec * 1000000 + now.tv_usec); // frame_data->delta is the time since last frame as a float in seconds // but what if we are skipping frames? We need the distance from the last frame sent // Also, what about reverse? needs to be absolute value From 34370e0060476eb565112c1c42f2e749a28d70b0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 13:47:07 -0400 Subject: [PATCH 113/360] test for error code from db creation and if there is an error, die with an error code. (#2611) --- distros/debian/postinst | 4 ++++ distros/ubuntu1204/zoneminder.postinst | 4 ++++ distros/ubuntu1604/zoneminder.postinst | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/distros/debian/postinst b/distros/debian/postinst index 3cd3fd277..36472436a 100644 --- a/distros/debian/postinst +++ b/distros/debian/postinst @@ -31,6 +31,10 @@ if [ "$1" = "configure" ]; then # test if database if already present... if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables, alter,select,insert,update,delete,create,index on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else diff --git a/distros/ubuntu1204/zoneminder.postinst b/distros/ubuntu1204/zoneminder.postinst index ef715375b..603786ff6 100644 --- a/distros/ubuntu1204/zoneminder.postinst +++ b/distros/ubuntu1204/zoneminder.postinst @@ -34,6 +34,10 @@ if [ "$1" = "configure" ]; then # test if database if already present... if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables, alter,drop,select,insert,update,delete,create,index,alter routine,create routine, trigger,execute on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else diff --git a/distros/ubuntu1604/zoneminder.postinst b/distros/ubuntu1604/zoneminder.postinst index ffde50283..d3983950b 100644 --- a/distros/ubuntu1604/zoneminder.postinst +++ b/distros/ubuntu1604/zoneminder.postinst @@ -56,6 +56,10 @@ if [ "$1" = "configure" ]; then if ! $(echo quit | mysql --defaults-file=/etc/mysql/debian.cnf zm > /dev/null 2> /dev/null) ; then echo "Creating zm db" cat /usr/share/zoneminder/db/zm_create.sql | mysql --defaults-file=/etc/mysql/debian.cnf + if [ $? -ne 0 ]; then + echo "Error creating db." + exit 1; + fi # This creates the user. echo "grant lock tables,alter,drop,select,insert,update,delete,create,index,alter routine,create routine, trigger,execute on ${ZM_DB_NAME}.* to '${ZM_DB_USER}'@localhost identified by \"${ZM_DB_PASS}\";" | mysql --defaults-file=/etc/mysql/debian.cnf mysql else From fc27393a96ac4ae3e622c0a664df9d7dbe5d25fb Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 24 May 2019 13:48:40 -0400 Subject: [PATCH 114/360] Replace MySQL Password() with bcrypt, allow for alternate JWT tokens (#2598) * added sha1 and bcrypt submodules * added bcrypt and sha to src build process * added test sha1 and bcrypt code to validate working * bcrypt auth migration in PHP land * added include path * add sha source * added bcrypt to others * put link_dir ahead of add_executable * fixed typo * try add_library instead * absolute path * absolute path * build bcrypt as static * move to wrapper * move to fork * logs tweak * added lib-ssl/dev for JWT signing * Moved to openSSL SHA1, initial JWT plugin * removed vog * fixed SHA1 algo * typo * use php-jwt, use proper way to add PHP modules, via composer * fixed module path * first attempt to fix cast error * own fork * own fork * add composer vendor directory * go back to jwt-cpp as PR merged * moved to jwt-cpp after PR merge * New token= query for JWT * Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading * JWT integration, validate JWT token via validateToken * added token validation to zms/zmu/zmuser * add token to command line for zmu * move decode inside try/catch * exception handling for try/catch * fix db read, forgot to exec query * remove allowing auth_hash_ip for token * support refresh tokens as well for increased security * remove auth_hash_ip * Error out if used did not create an AUTH_HASH_SECRET * fixed type conversion * make sure refresh token login doesn't generate another refresh token * fix absolute path * move JWT/Bcrypt inside zm_crypt * move sha headers out * move out sha header * handle case when supplied password is hashed, fix wrong params in AppController * initial baby step for api tab * initial plumbing to introduce token expiry and API bans per user * remove M typo * display user table in api * added revoke all tokens code, removed test code * use strtoul for conversion * use strtoul for conversion * use strtoul for conversion * more fixes * more fixes * add mintokenexpiry to DB seek * typo * add ability to revoke tokens and enable/disable APIs per user * moved API enable back to system * comma * enable API options only if API enabled * move user creation to bcrypt * added password_compat for PHP >=5.3 <5.5 * add Password back so User object indexes don't change * move token index after adding password * demote logs * make old API auth optional, on by default * make old API auth mechanism optional * removed stale code * forgot to checkin update file * bulk overlay hash mysql encoded passwords * add back ssl_dev, got deleted * fix update script * added token support to index.php * reworked API document for new changes in 2.0 * Migrate from libdigest to crypt-eks-blowfish due to notice * merge typo * css classess for text that disappear * fixed html typo * added deps to ubuntu control files * spaces * removed extra line * when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist * add libssl1.0.0 for ubuntu 16/12 * small API fixes * clean up of API, remove redundant sections * moved to ZM fork for bcrypt * whitespace and google code style * regenerate auth hash if doing password migration * dont need AUTH HASH LOGIN to be on * Add auth hash verification to the user logged in already case * fix missing ] * reject requests if per user API disabled --- .gitmodules | 6 + CMakeLists.txt | 7 + db/zm_create.sql.in | 2 + db/zm_update-1.33.9.sql | 27 ++ distros/debian/control | 5 + distros/ubuntu1204/control | 11 +- distros/ubuntu1604/control | 6 + docs/api.rst | 366 +++++++++----- .../lib/ZoneMinder/ConfigData.pm.in | 11 + scripts/zmupdate.pl.in | 23 + src/CMakeLists.txt | 12 +- src/zm_crypt.cpp | 117 +++++ src/zm_crypt.h | 31 ++ src/zm_user.cpp | 107 ++++- src/zm_user.h | 1 + src/zms.cpp | 14 +- src/zmu.cpp | 15 +- third_party/bcrypt | 1 + third_party/jwt-cpp | 1 + version | 2 +- web/.gitignore | 2 +- web/CMakeLists.txt | 2 +- web/api/app/Controller/AppController.php | 43 +- web/api/app/Controller/HostController.php | 174 +++++-- web/composer.json | 6 + web/composer.lock | 106 +++++ web/includes/actions/options.php | 1 + web/includes/actions/user.php | 29 +- web/includes/auth.php | 229 ++++++++- web/lang/en_gb.php | 4 + web/skins/classic/css/base/skin.css | 43 ++ web/skins/classic/views/options.php | 90 +++- web/vendor/autoload.php | 7 + web/vendor/composer/ClassLoader.php | 445 ++++++++++++++++++ web/vendor/composer/LICENSE | 56 +++ web/vendor/composer/autoload_classmap.php | 9 + web/vendor/composer/autoload_files.php | 10 + web/vendor/composer/autoload_namespaces.php | 9 + web/vendor/composer/autoload_psr4.php | 10 + web/vendor/composer/autoload_real.php | 70 +++ web/vendor/composer/autoload_static.php | 35 ++ web/vendor/composer/installed.json | 94 ++++ web/vendor/firebase/php-jwt/LICENSE | 30 ++ web/vendor/firebase/php-jwt/README.md | 200 ++++++++ web/vendor/firebase/php-jwt/composer.json | 29 ++ .../php-jwt/src/BeforeValidException.php | 7 + .../firebase/php-jwt/src/ExpiredException.php | 7 + web/vendor/firebase/php-jwt/src/JWT.php | 379 +++++++++++++++ .../php-jwt/src/SignatureInvalidException.php | 7 + .../ircmaxell/password-compat/LICENSE.md | 7 + .../ircmaxell/password-compat/composer.json | 20 + .../password-compat/lib/password.php | 314 ++++++++++++ .../password-compat/version-test.php | 6 + 53 files changed, 3000 insertions(+), 245 deletions(-) create mode 100644 db/zm_update-1.33.9.sql create mode 100644 src/zm_crypt.cpp create mode 100644 src/zm_crypt.h create mode 160000 third_party/bcrypt create mode 160000 third_party/jwt-cpp create mode 100644 web/composer.json create mode 100644 web/composer.lock create mode 100644 web/vendor/autoload.php create mode 100644 web/vendor/composer/ClassLoader.php create mode 100644 web/vendor/composer/LICENSE create mode 100644 web/vendor/composer/autoload_classmap.php create mode 100644 web/vendor/composer/autoload_files.php create mode 100644 web/vendor/composer/autoload_namespaces.php create mode 100644 web/vendor/composer/autoload_psr4.php create mode 100644 web/vendor/composer/autoload_real.php create mode 100644 web/vendor/composer/autoload_static.php create mode 100644 web/vendor/composer/installed.json create mode 100644 web/vendor/firebase/php-jwt/LICENSE create mode 100644 web/vendor/firebase/php-jwt/README.md create mode 100644 web/vendor/firebase/php-jwt/composer.json create mode 100644 web/vendor/firebase/php-jwt/src/BeforeValidException.php create mode 100644 web/vendor/firebase/php-jwt/src/ExpiredException.php create mode 100644 web/vendor/firebase/php-jwt/src/JWT.php create mode 100644 web/vendor/firebase/php-jwt/src/SignatureInvalidException.php create mode 100644 web/vendor/ircmaxell/password-compat/LICENSE.md create mode 100644 web/vendor/ircmaxell/password-compat/composer.json create mode 100644 web/vendor/ircmaxell/password-compat/lib/password.php create mode 100644 web/vendor/ircmaxell/password-compat/version-test.php diff --git a/.gitmodules b/.gitmodules index eb0e282a2..b64d78997 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,3 +5,9 @@ [submodule "web/api/app/Plugin/CakePHP-Enum-Behavior"] path = web/api/app/Plugin/CakePHP-Enum-Behavior url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git +[submodule "third_party/bcrypt"] + path = third_party/bcrypt + url = https://github.com/ZoneMinder/libbcrypt +[submodule "third_party/jwt-cpp"] + path = third_party/jwt-cpp + url = https://github.com/Thalhammer/jwt-cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 9646ffc3e..0973f8726 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -870,6 +870,13 @@ include(Pod2Man) ADD_MANPAGE_TARGET() # Process subdirectories + +# build a bcrypt static library +set(BUILD_SHARED_LIBS_SAVED "${BUILD_SHARED_LIBS}") +set(BUILD_SHARED_LIBS OFF) +add_subdirectory(third_party/bcrypt) +set(BUILD_SHARED_LIBS "${BUILD_SHARED_LIBS_SAVED}") + add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(db) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index a5f5cb70c..557745ab9 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -640,6 +640,8 @@ CREATE TABLE `Users` ( `System` enum('None','View','Edit') NOT NULL default 'None', `MaxBandwidth` varchar(16), `MonitorIds` text, + `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0, + `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1, PRIMARY KEY (`Id`), UNIQUE KEY `UC_Username` (`Username`) ) ENGINE=@ZM_MYSQL_ENGINE@; diff --git a/db/zm_update-1.33.9.sql b/db/zm_update-1.33.9.sql new file mode 100644 index 000000000..e0d289ba4 --- /dev/null +++ b/db/zm_update-1.33.9.sql @@ -0,0 +1,27 @@ +-- +-- Add per user API enable/disable and ability to set a minimum issued time for tokens +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Users' + AND column_name = 'TokenMinExpiry' + ) > 0, +"SELECT 'Column TokenMinExpiry already exists in Users'", +"ALTER TABLE Users ADD `TokenMinExpiry` BIGINT UNSIGNED NOT NULL DEFAULT 0 AFTER `MonitorIds`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Users' + AND column_name = 'APIEnabled' + ) > 0, +"SELECT 'Column APIEnabled already exists in Users'", +"ALTER TABLE Users ADD `APIEnabled` tinyint(3) UNSIGNED NOT NULL default 1 AFTER `TokenMinExpiry`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; diff --git a/distros/debian/control b/distros/debian/control index 4c23ab367..3296b88c3 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -26,6 +26,8 @@ Build-Depends: debhelper (>= 9), cmake , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl , libdata-uuid-perl + , libssl-dev + , libcrypt-eksblowfish-perl, libdata-entropy-perl Standards-Version: 3.9.4 Package: zoneminder @@ -51,6 +53,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , zip , libvlccore5 | libvlccore7 | libvlccore8, libvlc5 , libpolkit-gobject-1-0, php5-gd + , libssl + ,libcrypt-eksblowfish-perl, libdata-entropy-perl + Recommends: mysql-server | mariadb-server Description: Video camera security and surveillance solution ZoneMinder is intended for use in single or multi-camera video security diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index f1756c5e8..9e54e2aa3 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -23,6 +23,9 @@ Build-Depends: debhelper (>= 9), python-sphinx | python3-sphinx, apache2-dev, dh ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -63,8 +66,12 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,policykit-1 ,rsyslog | system-log-daemon ,zip - ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl - , libsys-cpu-perl, libsys-meminfo-perl + ,libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl + ,libio-socket-multicast-perl, libdigest-sha-perl + ,libsys-cpu-perl, libsys-meminfo-perl + ,libssl | libssl1.0.0 + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl Recommends: ${misc:Recommends} ,libapache2-mod-php5 | php5-fpm ,mysql-server | virtual-mysql-server diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index 415f54c9f..30451f7e1 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -30,6 +30,9 @@ Build-Depends: debhelper (>= 9), dh-systemd, python-sphinx | python3-sphinx, apa ,libsys-mmap-perl [!hurd-any] ,libwww-perl ,libdata-uuid-perl + ,libssl-dev + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl # Unbundled (dh_linktree): ,libjs-jquery ,libjs-mootools @@ -76,6 +79,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libpcre3 + ,libssl | libssl1.0.0 + ,libcrypt-eksblowfish-perl + ,libdata-entropy-perl Recommends: ${misc:Recommends} ,libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm ,mysql-server | mariadb-server | virtual-mysql-server diff --git a/docs/api.rst b/docs/api.rst index 2f90b7fdf..177678977 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -1,10 +1,12 @@ + API ==== -This document will provide an overview of ZoneMinder's API. This is work in progress. +This document will provide an overview of ZoneMinder's API. Overview ^^^^^^^^ + In an effort to further 'open up' ZoneMinder, an API was needed. This will allow quick integration with and development of ZoneMinder. @@ -12,178 +14,178 @@ The API is built in CakePHP and lives under the ``/api`` directory. It provides a RESTful service and supports CRUD (create, retrieve, update, delete) functions for Monitors, Events, Frames, Zones and Config. -Streaming Interface -^^^^^^^^^^^^^^^^^^^ -Developers working on their application often ask if there is an "API" to receive live streams, or recorded event streams. -It is possible to stream both live and recorded streams. This isn't strictly an "API" per-se (that is, it is not integrated -into the Cake PHP based API layer discussed here) and also why we've used the term "Interface" instead of an "API". +API evolution +^^^^^^^^^^^^^^^ -Live Streams -~~~~~~~~~~~~~~ -What you need to know is that if you want to display "live streams", ZoneMinder sends you streaming JPEG images (MJPEG) -which can easily be rendered in a browser using an ``img src`` tag. +The ZoneMinder API has evolved over time. Broadly speaking the iterations were as follows: -For example: +* Prior to version 1.29, there really was no API layer. Users had to use the same URLs that the web console used to 'mimic' operations, or use an XML skin +* Starting version 1.29, a v1.0 CakePHP based API was released which continues to evolve over time. From a security perspective, it still tied into ZM auth and required client cookies for many operations. Primarily, two authentication modes were offered: + * You use cookies to maintain session state (`ZM_SESS_ID`) + * You use an authentication hash to validate yourself, which included encoding personal information and time stamps which at times caused timing validation issues, especially for mobile consumers +* Starting version 1.34, ZoneMinder has introduced a new "token" based system which is based JWT. We have given it a '2.0' version ID. These tokens don't encode any personal data and can be statelessly passed around per request. It introduces concepts like access tokens, refresh tokens and per user level API revocation to manage security better. The internal components of ZoneMinder all support this new scheme now and if you are using the APIs we strongly recommend you migrate to 1.34 and use this new token system (as a side note, 1.34 also moves from MYSQL PASSWORD to Bcrypt for passwords, which is also a good reason why you should migate). +* Note that as of 1.34, both versions of API access will work (tokens and the older auth hash mechanism). -:: +.. NOTE:: + For the rest of the document, we will specifically highlight v2.0 only features. If you don't see a special mention, assume it applies for both API versions. - - -will display a live feed from monitor id 1, scaled down by 50% in quality and resized to 640x480px. - -* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system -* The "auth" token you see above is required if you use ZoneMinder authentication. To understand how to get the auth token, please read the "Login, Logout & API security" section below. -* The "connkey" parameter is essentially a random number which uniquely identifies a stream. If you don't specify a connkey, ZM will generate its own. It is recommended to generate a connkey because you can then use it to "control" the stream (pause/resume etc.) -* Instead of dealing with the "auth" token, you can also use ``&user=username&pass=password`` where "username" and "password" are your ZoneMinder username and password respectively. Note that this is not recommended because you are transmitting them in a URL and even if you use HTTPS, they may show up in web server logs. - - -PTZ on live streams -------------------- -PTZ commands are pretty cryptic in ZoneMinder. This is not meant to be an exhaustive guide, but just something to whet your appetite: - - -Lets assume you have a monitor, with ID=6. Let's further assume you want to pan it left. - -You'd need to send a: -``POST`` command to ``https://yourserver/zm/index.php`` with the following data payload in the command (NOT in the URL) - -``view=request&request=control&id=6&control=moveConLeft&xge=30&yge=30`` - -Obviously, if you are using authentication, you need to be logged in for this to work. - -Like I said, at this stage, this is only meant to get you started. Explore the ZoneMinder code and use "Inspect source" as you use PTZ commands in the ZoneMinder source code. -`control_functions.php `__ is a great place to start. - - -Pre-recorded (past event) streams -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Similar to live playback, if you have chosen to store events in JPEG mode, you can play it back using: - -:: - - - - -* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system -* This will playback event 293820, starting from frame 1 as an MJPEG stream -* Like before, you can add more parameters like ``scale`` etc. -* auth and connkey have the same meaning as before, and yes, you can replace auth by ``&user=usename&pass=password`` as before and the same security concerns cited above apply. - -If instead, you have chosen to use the MP4 (Video) storage mode for events, you can directly play back the saved video file: - -:: - - - -* This will play back the video recording for event 294690 - -What other parameters are supported? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The best way to answer this question is to play with ZoneMinder console. Open a browser, play back live or recorded feed, and do an "Inspect Source" to see what parameters -are generated. Change and observe. Enabling API -^^^^^^^^^^^^ -A default ZoneMinder installs with APIs enabled. You can explictly enable/disable the APIs -via the Options->System menu by enabling/disabling ``OPT_USE_API``. Note that if you intend -to use APIs with 3rd party apps, such as zmNinja or others that use APIs, you should also -enable ``AUTH_HASH_LOGINS``. +^^^^^^^^^^^^^ -Login, Logout & API Security -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The APIs tie into ZoneMinder's existing security model. This means if you have -OPT_AUTH enabled, you need to log into ZoneMinder using the same browser you plan to -use the APIs from. If you are developing an app that relies on the API, you need -to do a POST login from the app into ZoneMinder before you can access the API. +ZoneMinder comes with APIs enabled. To check if APIs are enabled, visit ``Options->System``. If ``OPT_USE_API`` is enabled, your APIs are active. +For v2.0 APIs, you have an additional option right below it - ``OPT_USE_LEGACY_API_AUTH`` which is enabled by default. When enabled, the `login.json` API (discussed later) will return both the old style (``auth=``) and new style (``token=``) credentials. The reason this is enabled by default is because any existing apps that use the API would break if they were not updated to use v2.0. (Note that zmNinja 1.3.057 and beyond will support tokens) -Then, you need to re-use the authentication information of the login (returned as cookie states) -with subsequent APIs for the authentication information to flow through to the APIs. +Enabling secret key +^^^^^^^^^^^^^^^^^^^ -This means if you plan to use cuRL to experiment with these APIs, you first need to login: +* It is **important** that you create a "Secret Key". This needs to be a set of hard to guess characters, that only you know. ZoneMinder does not create a key for you. It is your responsibility to create it. If you haven't created one already, please do so by going to ``Options->Systems`` and populating ``AUTH_HASH_SECRET``. Don't forget to save. +* If you plan on using V2.0 token based security, **it is mandatory to populate this secret key**, as it is used to sign the token. If you don't, token authentication will fail. V1.0 did not mandate this requirement. -**Login process for ZoneMinder v1.32.0 and above** + +Getting an API key +^^^^^^^^^^^^^^^^^^^^^^^ + +To get an API key: :: - curl -XPOST -d "user=XXXX&pass=YYYY" -c cookies.txt http://yourzmip/zm/api/host/login.json + curl -XPOST [-c cookies.txt] -d "user=yourusername&pass=yourpassword" https://yourserver/zm/api/host/login.json -Staring ZM 1.32.0, you also have a `logout` API that basically clears your session. It looks like this: + +The ``[-c cookies.txt]`` is optional, and will be explained in the next section. + +This returns a payload like this for API v1.0: :: - curl -b cookies.txt http://yourzmip/zm/api/host/logout.json + { + "credentials": "auth=05f3a50e8f7063", + "append_password": 0, + "version": "1.33.9", + "apiversion": "1.0" + } - -**Login process for older versions of ZoneMinder** +Or for API 2.0: :: - curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt http://yourzmip/zm/index.php + { + "access_token": "eyJ0eXAiOiJKHE", + "access_token_expires": 3600, + "refresh_token": "eyJ0eXAiOimPs", + "refresh_token_expires": 86400, + "credentials": "auth=05f3a50e8f7063", # only if OPT_USE_LEGACY_API_AUTH is enabled + "append_password": 0, # only if OPT_USE_LEGACY_API_AUTH is enabled + "version": "1.33.9", + "apiversion": "2.0" + } -The equivalent logout process for older versions of ZoneMinder is: +Using these keys with subsequent requests +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Once you have the keys (a.k.a credentials (v1.0, v2.0) or token (v2.0)) you should now supply that key to subsequent API calls like this: :: - curl -XPOST -d "username=XXXX&password=YYYY&action=logout&view=console" -b cookies.txt http://yourzmip/zm/index.php + # RECOMMENDED: v2.0 token based + curl -XPOST https://yourserver/zm/api/monitors.json&token= -replacing *XXXX* and *YYYY* with your username and password, respectively. + # or -Please make sure you do this in a directory where you have write permissions, otherwise cookies.txt will not be created -and the command will silently fail. + # v1.0 or 2.0 based API access (will only work if AUTH_HASH_LOGINS is enabled) + curl -XPOST -d "auth=" https://yourserver/zm/api/monitors.json + + # or + + curl -XGET https://yourserver/zm/api/monitors.json&auth= + + # or, if you specified -c cookies.txt in the original login request + + curl -b cookies.txt -XGET https://yourserver/zm/api/monitors.json -What the "-c cookies.txt" does is store a cookie state reflecting that you have logged into ZM. You now need -to apply that cookie state to all subsequent APIs. You do that by using a '-b cookies.txt' to subsequent APIs if you are -using CuRL like so: +.. NOTE:: + ZoneMinder's API layer allows API keys to be encoded either as a query parameter or as a data payload. If you don't pass keys, you could use cookies (not recommended as a general approach) + + +Key lifetime (v1.0) +^^^^^^^^^^^^^^^^^^^^^ + +If you are using the old credentials mechanism present in v1.0, then the credentials will time out based on PHP session timeout (if you are using cookies), or the value of ``AUTH_HASH_TTL`` (if you are using ``auth=`` and have enabled ``AUTH_HASH_LOGINS``) which defaults to 2 hours. Note that there is no way to look at the hash and decipher how much time is remaining. So it is your responsibility to record the time you got the hash and assume it was generated at the time you got it and re-login before that time expires. + +Key lifetime (v2.0) +^^^^^^^^^^^^^^^^^^^^^^ + +In version 2.0, it is easy to know when a key will expire before you use it. You can find that out from the ``access_token_expires`` and ``refresh_token_exipres`` values (in seconds) after you decode the JWT key (there are JWT decode libraries for every language you want). You should refresh the keys before the timeout occurs, or you will not be able to use the APIs. + +Understanding access/refresh tokens (v2.0) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you are using V2.0, then you need to know how to use these tokens effectively: + +* Access tokens are short lived. ZoneMinder issues access tokens that live for 3600 seconds (1 hour). +* Access tokens should be used for all subsequent API accesses. +* Refresh tokens should ONLY be used to generate new access tokens. For example, if an access token lives for 1 hour, before the hour completes, invoke the ``login.json`` API above with the refresh token to get a new access token. ZoneMinder issues refresh tokens that live for 24 hours. +* To generate a new refresh token before 24 hours are up, you will need to pass your user login and password to ``login.json`` + +**To Summarize:** + +* Pass your ``username`` and ``password`` to ``login.json`` only once in 24 hours to renew your tokens +* Pass your "refresh token" to ``login.json`` once in two hours (or whatever you have set the value of ``AUTH_HASH_TTL`` to) to renew your ``access token`` +* Use your ``access token`` for all API invocations. + +In fact, V2.0 will reject your request (if it is not to ``login.json``) if it comes with a refresh token instead of an access token to discourage usage of this token when it should not be used. + +This minimizes the amount of sensitive data that is sent over the wire and the lifetime durations are made so that if they get compromised, you can regenerate or invalidate them (more on this later) + +Understanding key security +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Version 1.0 uses an MD5 hash to generate the credentials. The hash is computed over your secret key (if available), username, password and some time parameters (along with remote IP if enabled). This is not a secure/recommended hashing mechanism. If your auth hash is compromised, an attacker will be able to use your hash till it expires. To avoid this, you could disable the user in ZoneMinder. Furthermore, enabling remote IP (``AUTH_HASH_REMOTE_IP``) requires that you issue future requests from the same IP that generated the tokens. While this may be considered an additional layer for security, this can cause issues with mobile devices. + +* Version 2.0 uses a different approach. The hash is a simple base64 encoded form of "claims", but signed with your secret key. Consider for example, the following access key: :: - curl -b cookies.txt http://yourzmip/zm/api/monitors.json + eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJab25lTWluZGVyIiwiaWF0IjoxNTU3OTQwNzUyLCJleHAiOjE1NTc5NDQzNTIsInVzZXIiOiJhZG1pbiIsInR5cGUiOiJhY2Nlc3MifQ.-5VOcpw3cFHiSTN5zfGDSrrPyVya1M8_2Anh5u6eNlI -This would return a list of monitors and pass on the authentication information to the ZM API layer. - -A deeper dive into the login process -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -As you might have seen above, there are two ways to login, one that uses the `login.json` API and the other that logs in using the ZM portal. If you are running ZoneMinder 1.32.0 and above, it is *strongly* recommended you use the `login.json` approach. The "old" approach will still work but is not as powerful as the API based login. Here are the reasons why: - - * The "old" approach basically uses the same login webpage (`index.php`) that a user would log into when viewing the ZM console. This is not really using an API and more importantly, if you have additional components like reCAPTCHA enabled, this will not work. Using the API approach is much cleaner and will work irrespective of reCAPTCHA - - * The new login API returns important information that you can use to stream videos as well, right after login. Consider for example, a typical response to the login API (`/login.json`): +If you were to use any `JWT token verifier `__ it can easily decode that token and will show: :: - { - "credentials": "auth=f5b9cf48693fe8552503c8ABCD5", - "append_password": 0, - "version": "1.31.44", - "apiversion": "1.0" - } - -In this example I have `OPT_AUTH` enabled in ZoneMinder and it returns my credential key. You can then use this key to stream images like so: - -:: - - - -Where `authval` is the credentials returned to start streaming videos. - -The `append_password` field will contain 1 when it is necessary for you to append your ZM password. This is the case when you set `AUTH_RELAY` in ZM options to "plain", for example. In that case, the `credentials` field may contain something like `&user=admin&pass=` and you have to add your password to that string. + { + "iss": "ZoneMinder", + "iat": 1557940752, + "exp": 1557944352, + "user": "admin", + "type": "access" + } + Invalid Signature -.. NOTE:: It is recommended you invoke the `login` API once every 60 minutes to make sure the session stays alive. The same is true if you use the old login method too. +Don't be surprised. JWT tokens, by default, are `not meant to be encrypted `__. It is just an assertion of a claim. It states that the issuer of this token was ZoneMinder, +It was issued at (iat) Wednesday, 2019-05-15 17:19:12 UTC and will expire on (exp) Wednesday, 2019-05-15 18:19:12 UTC. This token claims to be owned by an admin and is an access token. If your token were to be stolen, this information is available to the person who stole it. Note that there are no sensitive details like passwords in this claim. + +However, that person will **not** have your secret key as part of this token and therefore, will NOT be able to create a new JWT token to get, say, a refresh token. They will however, be able to use your access token to access resources just like the auth hash above, till the access token expires (2 hrs). To revoke this token, you don't need to disable the user. Go to ``Options->API`` and tap on "Revoke All Access Tokens". This will invalidate the token immediately (this option will invalidate all tokens for all users, and new ones will need to be generated). + +Over time, we will provide you with more fine grained access to these options. + +**Summarizing good practices:** + +* Use HTTPS, not HTTP +* If possible, use free services like `LetsEncrypt `__ instead of self-signed certificates (sometimes this is not possible) +* Keep your tokens as private as possible, and use them as recommended above +* If you believe your tokens are compromised, revoke them, but also check if your attacker has compromised more than you think (example, they may also have your username/password or access to your system via other exploits, in which case they can regenerate as many tokens/credentials as they want). +.. NOTE:: + Subsequent sections don't explicitly callout the key addition to APIs. We assume that you will append the correct keys as per our explanation above. -Examples (please read security notice above) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Please remember, if you are using authentication, please add a ``-b cookies.txt`` to each of the commands below if you are using -CuRL. If you are not using CuRL and writing your own app, you need to make sure you pass on cookies to subsequent requests -in your app. +Examples +^^^^^^^^^ (In all examples, replace 'server' with IP or hostname & port where ZoneMinder is running) @@ -410,6 +412,15 @@ This returns number of events per monitor that were recorded in the last day whe +Return sorted events +^^^^^^^^^^^^^^^^^^^^^^ + +This returns a list of events within a time range and also sorts it by descending order + +:: + + curl -XGET "http://server/zm/api/events/index/StartTime%20>=:2015-05-15%2018:43:56/EndTime%20<=:208:43:56.json?sort=StartTime&direction=desc" + Configuration Apis ^^^^^^^^^^^^^^^^^^^ @@ -584,9 +595,104 @@ Returns: This only works if you have a multiserver setup in place. If you don't it will return an empty array. +Other APIs +^^^^^^^^^^ +This is not a complete list. ZM supports more parameters/APIs. A good way to dive in is to look at the `API code `__ directly. + +Streaming Interface +^^^^^^^^^^^^^^^^^^^ +Developers working on their application often ask if there is an "API" to receive live streams, or recorded event streams. +It is possible to stream both live and recorded streams. This isn't strictly an "API" per-se (that is, it is not integrated +into the Cake PHP based API layer discussed here) and also why we've used the term "Interface" instead of an "API". + +Live Streams +~~~~~~~~~~~~~~ +What you need to know is that if you want to display "live streams", ZoneMinder sends you streaming JPEG images (MJPEG) +which can easily be rendered in a browser using an ``img src`` tag. + +For example: + +:: + + + + # or + + + + + + +will display a live feed from monitor id 1, scaled down by 50% in quality and resized to 640x480px. + +* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system +* The "auth" token you see above is required if you use ZoneMinder authentication. To understand how to get the auth token, please read the "Login, Logout & API security" section below. +* The "connkey" parameter is essentially a random number which uniquely identifies a stream. If you don't specify a connkey, ZM will generate its own. It is recommended to generate a connkey because you can then use it to "control" the stream (pause/resume etc.) +* Instead of dealing with the "auth" token, you can also use ``&user=username&pass=password`` where "username" and "password" are your ZoneMinder username and password respectively. Note that this is not recommended because you are transmitting them in a URL and even if you use HTTPS, they may show up in web server logs. + + +PTZ on live streams +------------------- +PTZ commands are pretty cryptic in ZoneMinder. This is not meant to be an exhaustive guide, but just something to whet your appetite: + + +Lets assume you have a monitor, with ID=6. Let's further assume you want to pan it left. + +You'd need to send a: +``POST`` command to ``https://yourserver/zm/index.php`` with the following data payload in the command (NOT in the URL) + +``view=request&request=control&id=6&control=moveConLeft&xge=30&yge=30`` + +Obviously, if you are using authentication, you need to be logged in for this to work. + +Like I said, at this stage, this is only meant to get you started. Explore the ZoneMinder code and use "Inspect source" as you use PTZ commands in the ZoneMinder source code. +`control_functions.php `__ is a great place to start. + + +Pre-recorded (past event) streams +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Similar to live playback, if you have chosen to store events in JPEG mode, you can play it back using: + +:: + + + + # or + + + + + +* This assumes ``/zm/cgi-bin`` is your CGI_BIN path. Change it to what is correct in your system +* This will playback event 293820, starting from frame 1 as an MJPEG stream +* Like before, you can add more parameters like ``scale`` etc. +* auth and connkey have the same meaning as before, and yes, you can replace auth by ``&user=usename&pass=password`` as before and the same security concerns cited above apply. + +If instead, you have chosen to use the MP4 (Video) storage mode for events, you can directly play back the saved video file: + +:: + + + + + # or + + + + +This above will play back the video recording for event 294690 + +What other parameters are supported? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The best way to answer this question is to play with ZoneMinder console. Open a browser, play back live or recorded feed, and do an "Inspect Source" to see what parameters +are generated. Change and observe. + + Further Reading ^^^^^^^^^^^^^^^^ + As described earlier, treat this document as an "introduction" to the important parts of the API and streaming interfaces. There are several details that haven't yet been documented. Till they are, here are some resources: diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index 495e53d29..d133b3eaf 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -396,6 +396,17 @@ our @options = ( type => $types{boolean}, category => 'system', }, + { + name => 'ZM_OPT_USE_LEGACY_API_AUTH', + default => 'yes', + description => 'Enable legacy API authentication', + help => q` + Starting version 1.34.0, ZoneMinder uses a more secure + Authentication mechanism using JWT tokens. Older versions used a less secure MD5 based auth hash. It is recommended you turn this off after you are sure you don't need it. If you are using a 3rd party app that relies on the older API auth mechanisms, you will have to update that app if you turn this off. Note that zmNinja 1.3.057 onwards supports the new token system + `, + type => $types{boolean}, + category => 'system', + }, { name => 'ZM_OPT_USE_EVENTNOTIFICATION', default => 'no', diff --git a/scripts/zmupdate.pl.in b/scripts/zmupdate.pl.in index bb9dddac4..8dbc4d14f 100644 --- a/scripts/zmupdate.pl.in +++ b/scripts/zmupdate.pl.in @@ -51,6 +51,8 @@ configuring upgrades etc, including on the fly upgrades. use strict; use bytes; use version; +use Crypt::Eksblowfish::Bcrypt; +use Data::Entropy::Algorithms qw(rand_bits); # ========================================================================== # @@ -312,6 +314,7 @@ if ( $migrateEvents ) { if ( $freshen ) { print( "\nFreshening configuration in database\n" ); migratePaths(); + migratePasswords(); ZoneMinder::Config::loadConfigFromDB(); ZoneMinder::Config::saveConfigToDB(); } @@ -999,6 +1002,26 @@ sub patchDB { } +sub migratePasswords { + print ("Migratings passwords, if any...\n"); + my $sql = "select * from Users"; + my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); + my $res = $sth->execute() or die( "Can't execute: ".$sth->errstr() ); + while( my $user = $sth->fetchrow_hashref() ) { + my $scheme = substr($user->{Password}, 0, 1); + if ($scheme eq "*") { + print ("-->".$user->{Username}. " password will be migrated\n"); + my $salt = Crypt::Eksblowfish::Bcrypt::en_base64(rand_bits(16*8)); + my $settings = '$2a$10$'.$salt; + my $pass_hash = Crypt::Eksblowfish::Bcrypt::bcrypt($user->{Password},$settings); + my $new_pass_hash = "-ZM-".$pass_hash; + $sql = "UPDATE Users SET PASSWORD=? WHERE Username=?"; + my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() ); + my $res = $sth->execute($new_pass_hash, $user->{Username}) or die( "Can't execute: ".$sth->errstr() ); + } + } +} + sub migratePaths { my $customConfigFile = '@ZM_CONFIG_SUBDIR@/zmcustom.conf'; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index e27c36d6a..3628a4944 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -4,20 +4,26 @@ configure_file(zm_config.h.in "${CMAKE_CURRENT_BINARY_DIR}/zm_config.h" @ONLY) # Group together all the source files that are used by all the binaries (zmc, zma, zmu, zms etc) -set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_fifo.cpp zm_storage.cpp) +set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_config.cpp zm_coord.cpp zm_curl_camera.cpp zm.cpp zm_db.cpp zm_logger.cpp zm_event.cpp zm_frame.cpp zm_eventstream.cpp zm_exception.cpp zm_file_camera.cpp zm_ffmpeg_input.cpp zm_ffmpeg_camera.cpp zm_group.cpp zm_image.cpp zm_jpeg.cpp zm_libvlc_camera.cpp zm_local_camera.cpp zm_monitor.cpp zm_monitorstream.cpp zm_ffmpeg.cpp zm_mpeg.cpp zm_packet.cpp zm_packetqueue.cpp zm_poly.cpp zm_regexp.cpp zm_remote_camera.cpp zm_remote_camera_http.cpp zm_remote_camera_nvsocket.cpp zm_remote_camera_rtsp.cpp zm_rtp.cpp zm_rtp_ctrl.cpp zm_rtp_data.cpp zm_rtp_source.cpp zm_rtsp.cpp zm_rtsp_auth.cpp zm_sdp.cpp zm_signal.cpp zm_stream.cpp zm_swscale.cpp zm_thread.cpp zm_time.cpp zm_timer.cpp zm_user.cpp zm_utils.cpp zm_video.cpp zm_videostore.cpp zm_zone.cpp zm_storage.cpp zm_fifo.cpp zm_crypt.cpp) + # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES}) +link_directories(../third_party/bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) +# JWT is a header only library. +include_directories(../third_party/bcrypt/include/bcrypt) +include_directories(../third_party/jwt-cpp/include/jwt-cpp) + target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) +target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) +target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) # Generate man files for the binaries destined for the bin folder FOREACH(CBINARY zma zmc zmu) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp new file mode 100644 index 000000000..0235e5c13 --- /dev/null +++ b/src/zm_crypt.cpp @@ -0,0 +1,117 @@ +#include "zm.h" +# include "zm_crypt.h" +#include "BCrypt.hpp" +#include "jwt.h" +#include +#include + + +// returns username if valid, "" if not +std::pair verifyToken(std::string jwt_token_str, std::string key) { + std::string username = ""; + unsigned int token_issued_at = 0; + try { + // is it decodable? + auto decoded = jwt::decode(jwt_token_str); + auto verifier = jwt::verify() + .allow_algorithm(jwt::algorithm::hs256{ key }) + .with_issuer("ZoneMinder"); + + // signature verified? + verifier.verify(decoded); + + // make sure it has fields we need + if (decoded.has_payload_claim("type")) { + std::string type = decoded.get_payload_claim("type").as_string(); + if (type != "access") { + Error ("Only access tokens are allowed. Please do not use refresh tokens"); + return std::make_pair("",0); + } + } + else { + // something is wrong. All ZM tokens have type + Error ("Missing token type. This should not happen"); + return std::make_pair("",0); + } + if (decoded.has_payload_claim("user")) { + username = decoded.get_payload_claim("user").as_string(); + Debug (1, "Got %s as user claim from token", username.c_str()); + } + else { + Error ("User not found in claim"); + return std::make_pair("",0); + } + + if (decoded.has_payload_claim("iat")) { + token_issued_at = (unsigned int) (decoded.get_payload_claim("iat").as_int()); + Debug (1,"Got IAT token=%u", token_issued_at); + + } + else { + Error ("IAT not found in claim. This should not happen"); + return std::make_pair("",0); + } + } // try + catch (const std::exception &e) { + Error("Unable to verify token: %s", e.what()); + return std::make_pair("",0); + } + catch (...) { + Error ("unknown exception"); + return std::make_pair("",0); + + } + return std::make_pair(username,token_issued_at); +} + +bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { + bool password_correct = false; + if (strlen(db_password_hash ) < 4) { + // actually, shoud be more, but this is min. for next code + Error ("DB Password is too short or invalid to check"); + return false; + } + if (db_password_hash[0] == '*') { + // MYSQL PASSWORD + Debug (1,"%s is using an MD5 encoded password", username); + + SHA_CTX ctx1, ctx2; + unsigned char digest_interim[SHA_DIGEST_LENGTH]; + unsigned char digest_final[SHA_DIGEST_LENGTH]; + + //get first iteration + SHA1_Init(&ctx1); + SHA1_Update(&ctx1, input_password, strlen(input_password)); + SHA1_Final(digest_interim, &ctx1); + + //2nd iteration + SHA1_Init(&ctx2); + SHA1_Update(&ctx2, digest_interim,SHA_DIGEST_LENGTH); + SHA1_Final (digest_final, &ctx2); + + char final_hash[SHA_DIGEST_LENGTH * 2 +2]; + final_hash[0]='*'; + //convert to hex + for(int i = 0; i < SHA_DIGEST_LENGTH; i++) + sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); + final_hash[SHA_DIGEST_LENGTH *2 + 1]=0; + + Debug (1,"Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + password_correct = (strcmp(db_password_hash, final_hash)==0); + } + else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') + &&(db_password_hash[3] == '$')) { + // BCRYPT + Debug (1,"%s is using a bcrypt encoded password", username); + BCrypt bcrypt; + std::string input_hash = bcrypt.generateHash(std::string(input_password)); + password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); + } + else { + // plain + Warning ("%s is using a plain text password, please do not use plain text", username); + password_correct = (strcmp(input_password, db_password_hash) == 0); + } + return password_correct; +} \ No newline at end of file diff --git a/src/zm_crypt.h b/src/zm_crypt.h new file mode 100644 index 000000000..340abc36c --- /dev/null +++ b/src/zm_crypt.h @@ -0,0 +1,31 @@ +// +// ZoneMinder General Utility Functions, $Date$, $Revision$ +// Copyright (C) 2001-2008 Philip Coombes +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// + +#ifndef ZM_CRYPT_H +#define ZM_CRYPT_H + + +#include + + + +bool verifyPassword( const char *username, const char *input_password, const char *db_password_hash); + +std::pair verifyToken(std::string token, std::string key); +#endif // ZM_CRYPT_H \ No newline at end of file diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 46ee2cdf1..35f25f7c9 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -27,7 +27,9 @@ #include #include + #include "zm_utils.h" +#include "zm_crypt.h" User::User() { id = 0; @@ -95,24 +97,15 @@ User *zmLoadUser( const char *username, const char *password ) { // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. mysql_real_escape_string(&dbconn, safer_username, username, username_length ); - if ( password ) { - int password_length = strlen(password); - char *safer_password = new char[(password_length * 2) + 1]; - mysql_real_escape_string(&dbconn, safer_password, password, password_length); - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", - safer_username, safer_password ); - delete safer_password; - } else { - snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", safer_username ); - } + + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" + " FROM Users where Username = '%s' and Enabled = 1", safer_username ); + if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); - exit(mysql_errno(&dbconn)); + exit(mysql_errno(&dbconn)); } MYSQL_RES *result = mysql_store_result(&dbconn); @@ -131,14 +124,86 @@ User *zmLoadUser( const char *username, const char *password ) { MYSQL_ROW dbrow = mysql_fetch_row(result); User *user = new User(dbrow); - Info("Authenticated user '%s'", user->getUsername()); - - mysql_free_result(result); - delete safer_username; - - return user; + + if (verifyPassword(username, password, user->getPassword())) { + Info("Authenticated user '%s'", user->getUsername()); + mysql_free_result(result); + delete safer_username; + return user; + } + else { + Warning("Unable to authenticate user %s", username); + mysql_free_result(result); + return NULL; + } + } +User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { + std::string key = config.auth_hash_secret; + std::string remote_addr = ""; + + if (use_remote_addr) { + remote_addr = std::string(getenv( "REMOTE_ADDR" )); + if ( remote_addr == "" ) { + Warning( "Can't determine remote address, using null" ); + remote_addr = ""; + } + key += remote_addr; + } + + Debug (1,"Inside zmLoadTokenUser, formed key=%s", key.c_str()); + + std::pair ans = verifyToken(jwt_token_str, key); + std::string username = ans.first; + unsigned int iat = ans.second; + + if (username != "") { + char sql[ZM_SQL_MED_BUFSIZ] = ""; + snprintf(sql, sizeof(sql), + "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" + " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); + + if ( mysql_query(&dbconn, sql) ) { + Error("Can't run query: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); + } + + MYSQL_RES *result = mysql_store_result(&dbconn); + if ( !result ) { + Error("Can't use query result: %s", mysql_error(&dbconn)); + exit(mysql_errno(&dbconn)); + } + int n_users = mysql_num_rows(result); + + if ( n_users != 1 ) { + mysql_free_result(result); + Error("Unable to authenticate user %s", username.c_str()); + return NULL; + } + + MYSQL_ROW dbrow = mysql_fetch_row(result); + User *user = new User(dbrow); + unsigned int stored_iat = strtoul(dbrow[10], NULL,0 ); + + if (stored_iat > iat ) { // admin revoked tokens + mysql_free_result(result); + Error("Token was revoked for %s", username.c_str()); + return NULL; + } + + Debug (1,"Got stored expiry time of %u",stored_iat); + Info ("Authenticated user '%s' via token", username.c_str()); + mysql_free_result(result); + return user; + + } + else { + return NULL; + } + +} + // Function to validate an authentication string User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) { #if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT diff --git a/src/zm_user.h b/src/zm_user.h index 00c61185b..04842b318 100644 --- a/src/zm_user.h +++ b/src/zm_user.h @@ -77,6 +77,7 @@ public: User *zmLoadUser( const char *username, const char *password=0 ); User *zmLoadAuthUser( const char *auth, bool use_remote_addr ); +User *zmLoadTokenUser( std::string jwt, bool use_remote_addr); bool checkUser ( const char *username); bool checkPass (const char *password); diff --git a/src/zms.cpp b/src/zms.cpp index 6042dbef3..5e6e4c2d6 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -71,6 +71,7 @@ int main( int argc, const char *argv[] ) { std::string username; std::string password; char auth[64] = ""; + std::string jwt_token_str = ""; unsigned int connkey = 0; unsigned int playback_buffer = 0; @@ -161,6 +162,10 @@ int main( int argc, const char *argv[] ) { playback_buffer = atoi(value); } else if ( !strcmp( name, "auth" ) ) { strncpy( auth, value, sizeof(auth)-1 ); + } else if ( !strcmp( name, "token" ) ) { + jwt_token_str = value; + Debug(1,"ZMS: JWT token found: %s", jwt_token_str.c_str()); + } else if ( !strcmp( name, "user" ) ) { username = UriDecode( value ); } else if ( !strcmp( name, "pass" ) ) { @@ -184,11 +189,16 @@ int main( int argc, const char *argv[] ) { if ( config.opt_use_auth ) { User *user = 0; - if ( strcmp(config.auth_relay, "none") == 0 ) { + if (jwt_token_str != "") { + //user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); + user = zmLoadTokenUser(jwt_token_str, false); + + } + else if ( strcmp(config.auth_relay, "none") == 0 ) { if ( checkUser(username.c_str()) ) { user = zmLoadUser(username.c_str()); } else { - Error("") + Error("Bad username"); } } else { diff --git a/src/zmu.cpp b/src/zmu.cpp index 2ad1471d5..07f9ae8aa 100644 --- a/src/zmu.cpp +++ b/src/zmu.cpp @@ -138,6 +138,7 @@ void Usage(int status=-1) { " -U, --username : When running in authenticated mode the username and\n" " -P, --password : password combination of the given user\n" " -A, --auth : Pass authentication hash string instead of user details\n" + " -T, --token : Pass JWT token string instead of user details\n" "", stderr ); exit(status); @@ -242,6 +243,7 @@ int main(int argc, char *argv[]) { {"username", 1, 0, 'U'}, {"password", 1, 0, 'P'}, {"auth", 1, 0, 'A'}, + {"token", 1, 0, 'T'}, {"version", 1, 0, 'V'}, {"help", 0, 0, 'h'}, {"list", 0, 0, 'l'}, @@ -263,6 +265,7 @@ int main(int argc, char *argv[]) { char *username = 0; char *password = 0; char *auth = 0; + std::string jwt_token_str = ""; #if ZM_HAS_V4L #if ZM_HAS_V4L2 int v4lVersion = 2; @@ -273,7 +276,7 @@ int main(int argc, char *argv[]) { while (1) { int option_index = 0; - int c = getopt_long(argc, argv, "d:m:vsEDLurwei::S:t::fz::ancqhlB::C::H::O::U:P:A:V:", long_options, &option_index); + int c = getopt_long(argc, argv, "d:m:vsEDLurwei::S:t::fz::ancqhlB::C::H::O::U:P:A:V:T:", long_options, &option_index); if ( c == -1 ) { break; } @@ -378,6 +381,9 @@ int main(int argc, char *argv[]) { case 'A': auth = optarg; break; + case 'T': + jwt_token_str = std::string(optarg); + break; #if ZM_HAS_V4L case 'V': v4lVersion = (atoi(optarg)==1)?1:2; @@ -438,10 +444,13 @@ int main(int argc, char *argv[]) { user = zmLoadUser(username); } else { - if ( !(username && password) && !auth ) { - Error("Username and password or auth string must be supplied"); + if ( !(username && password) && !auth && (jwt_token_str=="")) { + Error("Username and password or auth/token string must be supplied"); exit_zmu(-1); } + if (jwt_token_str != "") { + user = zmLoadTokenUser(jwt_token_str, false); + } if ( auth ) { user = zmLoadAuthUser(auth, false); } diff --git a/third_party/bcrypt b/third_party/bcrypt new file mode 160000 index 000000000..be171cd75 --- /dev/null +++ b/third_party/bcrypt @@ -0,0 +1 @@ +Subproject commit be171cd75dd65e06315a67c7dcdb8e1bbc1dabd4 diff --git a/third_party/jwt-cpp b/third_party/jwt-cpp new file mode 160000 index 000000000..bfca4f6a8 --- /dev/null +++ b/third_party/jwt-cpp @@ -0,0 +1 @@ +Subproject commit bfca4f6a87bfd9d9a259939d0524169827a3a862 diff --git a/version b/version index 692c2e30d..c64ec5337 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.8 +1.33.9 diff --git a/web/.gitignore b/web/.gitignore index 90d971d4b..354e5470b 100644 --- a/web/.gitignore +++ b/web/.gitignore @@ -4,8 +4,8 @@ /app/tmp /lib/Cake/Console/Templates/skel/tmp/ /plugins -/vendors /build +/vendors /dist /tags /app/webroot/events diff --git a/web/CMakeLists.txt b/web/CMakeLists.txt index 50e5f9998..b3d097739 100644 --- a/web/CMakeLists.txt +++ b/web/CMakeLists.txt @@ -9,7 +9,7 @@ add_subdirectory(tools/mootools) configure_file(includes/config.php.in "${CMAKE_CURRENT_BINARY_DIR}/includes/config.php" @ONLY) # Install the web files -install(DIRECTORY api ajax css fonts graphics includes js lang skins tools views DESTINATION "${ZM_WEBDIR}" PATTERN "*.in" EXCLUDE PATTERN "*Make*" EXCLUDE PATTERN "*cmake*" EXCLUDE) +install(DIRECTORY vendor api ajax css fonts graphics includes js lang skins tools views DESTINATION "${ZM_WEBDIR}" PATTERN "*.in" EXCLUDE PATTERN "*Make*" EXCLUDE PATTERN "*cmake*" EXCLUDE) install(FILES index.php robots.txt DESTINATION "${ZM_WEBDIR}") install(FILES "${CMAKE_CURRENT_BINARY_DIR}/includes/config.php" DESTINATION "${ZM_WEBDIR}/includes") diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index 51575f055..eeda4b105 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -68,25 +68,46 @@ class AppController extends Controller { # For use throughout the app. If not logged in, this will be null. global $user; + if ( ZM_OPT_USE_AUTH ) { require_once __DIR__ .'/../../../includes/auth.php'; $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user'); $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); - $mAuth = $this->request->query('auth') ? $this->request->query('auth') : $this->request->data('auth'); + $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); if ( $mUser and $mPassword ) { - $user = userLogin($mUser, $mPassword); + // log (user, pass, nothashed, api based login so skip recaptcha) + $user = userLogin($mUser, $mPassword, false, true); if ( !$user ) { - throw new UnauthorizedException(__('User not found or incorrect password')); + throw new UnauthorizedException(__('Incorrect credentials or API disabled')); return; } + } else if ( $mToken ) { + // if you pass a token to login, we should only allow + // refresh tokens to regenerate new access and refresh tokens + if ( !strcasecmp($this->params->action, 'login') ) { + $only_allow_token_type='refresh'; + } else { + // for any other methods, don't allow refresh tokens + // they are supposed to be infrequently used for security + // purposes + $only_allow_token_type='access'; + + } + $ret = validateToken($mToken, $only_allow_token_type, true); + $user = $ret[0]; + $retstatus = $ret[1]; + if ( !$user ) { + throw new UnauthorizedException(__($retstatus)); + return; + } } else if ( $mAuth ) { - $user = getAuthUser($mAuth); - if ( !$user ) { - throw new UnauthorizedException(__('Invalid Auth Key')); - return; - } + $user = getAuthUser($mAuth, true); + if ( !$user ) { + throw new UnauthorizedException(__('Invalid Auth Key')); + return; + } } // We need to reject methods that are not authenticated // besides login and logout @@ -100,6 +121,10 @@ class AppController extends Controller { } } # end if ! login or logout } # end if ZM_OPT_AUTH - + // make sure populated user object has APIs enabled + if ($user['APIEnabled'] == 0 ) { + throw new UnauthorizedException(__('API Disabled')); + return; + } } # end function beforeFilter() } diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php index 05b2ed3fa..f0bae277e 100644 --- a/web/api/app/Controller/HostController.php +++ b/web/api/app/Controller/HostController.php @@ -31,19 +31,60 @@ class HostController extends AppController { } function login() { + + $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user'); + $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass'); + $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token'); + + + if ( !($mUser && $mPassword) && !$mToken ) { + throw new UnauthorizedException(__('No identity provided')); + } - $cred = $this->_getCredentials(); $ver = $this->_getVersion(); - $this->set(array( - 'credentials' => $cred[0], - 'append_password'=>$cred[1], - 'version' => $ver[0], - 'apiversion' => $ver[1], - '_serialize' => array('credentials', - 'append_password', - 'version', - 'apiversion' - ))); + $cred = []; + $cred_depr = []; + + if ($mUser && $mPassword) { + $cred = $this->_getCredentials(true); // generate refresh + } + else { + $cred = $this->_getCredentials(false, $mToken); // don't generate refresh + } + + $login_array = array ( + 'access_token'=>$cred[0], + 'access_token_expires'=>$cred[1] + ); + + $login_serialize_list = array ( + 'access_token', + 'access_token_expires' + ); + + if ($mUser && $mPassword) { + $login_array['refresh_token'] = $cred[2]; + $login_array['refresh_token_expires'] = $cred[3]; + array_push ($login_serialize_list, 'refresh_token', 'refresh_token_expires'); + } + + if (ZM_OPT_USE_LEGACY_API_AUTH) { + $cred_depr = $this->_getCredentialsDeprecated(); + $login_array ['credentials']=$cred_depr[0]; + $login_array ['append_password']=$cred_depr[1]; + array_push ($login_serialize_list, 'credentials', 'append_password'); + } + + + $login_array['version'] = $ver[0]; + $login_array['apiversion'] = $ver[1]; + array_push ($login_serialize_list, 'version', 'apiversion'); + + $login_array["_serialize"] = $login_serialize_list; + + $this->set($login_array); + + } // end function login() // clears out session @@ -56,40 +97,95 @@ class HostController extends AppController { )); } // end function logout() - - private function _getCredentials() { + + private function _getCredentialsDeprecated() { $credentials = ''; $appendPassword = 0; - $this->loadModel('Config'); - $isZmAuth = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH')))['Config']['Value']; - - if ( $isZmAuth ) { - // In future, we may want to completely move to AUTH_HASH_LOGINS and return &auth= for all cases - require_once __DIR__ .'/../../../includes/auth.php'; # in the event we directly call getCredentials.json - - $zmAuthRelay = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY')))['Config']['Value']; - if ( $zmAuthRelay == 'hashed' ) { - $zmAuthHashIps = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_IPS')))['Config']['Value']; - // make sure auth is regenerated each time we call this API - $credentials = 'auth='.generateAuthHash($zmAuthHashIps,true); - } else { - // user will need to append the store password here + if (ZM_OPT_USE_AUTH) { + require_once __DIR__ .'/../../../includes/auth.php'; + if (ZM_AUTH_RELAY=='hashed') { + $credentials = 'auth='.generateAuthHash(ZM_AUTH_HASH_IPS,true); + } + else { $credentials = 'user='.$this->Session->read('Username').'&pass='; $appendPassword = 1; } + return array($credentials, $appendPassword); } - return array($credentials, $appendPassword); - } // end function _getCredentials + } + + private function _getCredentials($generate_refresh_token=false, $mToken='') { + $credentials = ''; + $this->loadModel('Config'); - function getCredentials() { - // ignore debug warnings from other functions - $this->view='Json'; - $val = $this->_getCredentials(); - $this->set(array( - 'credentials'=> $val[0], - 'append_password'=>$val[1], - '_serialize' => array('credentials', 'append_password') - ) ); + if ( ZM_OPT_USE_AUTH ) { + require_once __DIR__ .'/../../../includes/auth.php'; + require_once __DIR__.'/../../../vendor/autoload.php'; + + $key = ZM_AUTH_HASH_SECRET; + if (!$key) { + throw new ForbiddenException(__('Please create a valid AUTH_HASH_SECRET in ZoneMinder')); + } + + if ($mToken) { + // If we have a token, we need to derive username from there + $ret = validateToken($mToken, 'refresh', true); + $mUser = $ret[0]['Username']; + + } else { + $mUser = $_SESSION['username']; + } + + ZM\Info("Creating token for \"$mUser\""); + + /* we won't support AUTH_HASH_IPS in token mode + reasons: + a) counter-intuitive for mobile consumers + b) zmu will never be able to to validate via a token if we sign + it after appending REMOTE_ADDR + + if (ZM_AUTH_HASH_IPS) { + $key = $key . $_SERVER['REMOTE_ADDR']; + }*/ + + $access_issued_at = time(); + $access_ttl = (ZM_AUTH_HASH_TTL || 2) * 3600; + + // by default access token will expire in 2 hrs + // you can change it by changing the value of ZM_AUTH_HASH_TLL + $access_expire_at = $access_issued_at + $access_ttl; + //$access_expire_at = $access_issued_at + 60; // TEST, REMOVE + + $access_token = array( + "iss" => "ZoneMinder", + "iat" => $access_issued_at, + "exp" => $access_expire_at, + "user" => $mUser, + "type" => "access" + ); + + $jwt_access_token = \Firebase\JWT\JWT::encode($access_token, $key, 'HS256'); + + $jwt_refresh_token = ""; + $refresh_ttl = 0; + + if ($generate_refresh_token) { + $refresh_issued_at = time(); + $refresh_ttl = 24 * 3600; // 1 day + + $refresh_expire_at = $refresh_issued_at + $refresh_ttl; + $refresh_token = array( + "iss" => "ZoneMinder", + "iat" => $refresh_issued_at, + "exp" => $refresh_expire_at, + "user" => $mUser, + "type" => "refresh" + ); + $jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256'); + } + + } + return array($jwt_access_token, $access_ttl, $jwt_refresh_token, $refresh_ttl); } // If $mid is set, only return disk usage for that monitor @@ -169,7 +265,7 @@ class HostController extends AppController { private function _getVersion() { $version = Configure::read('ZM_VERSION'); - $apiversion = '1.0'; + $apiversion = '2.0'; return array($version, $apiversion); } diff --git a/web/composer.json b/web/composer.json new file mode 100644 index 000000000..968d1d4cb --- /dev/null +++ b/web/composer.json @@ -0,0 +1,6 @@ +{ + "require": { + "firebase/php-jwt": "^5.0", + "ircmaxell/password-compat": "^1.0" + } +} diff --git a/web/composer.lock b/web/composer.lock new file mode 100644 index 000000000..b260d2e5a --- /dev/null +++ b/web/composer.lock @@ -0,0 +1,106 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "content-hash": "5759823f1f047089a354efaa25903378", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v5.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "time": "2017-06-27T22:17:23+00:00" + }, + { + "name": "ircmaxell/password-compat", + "version": "v1.0.4", + "source": { + "type": "git", + "url": "https://github.com/ircmaxell/password_compat.git", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ircmaxell/password_compat/zipball/5c5cde8822a69545767f7c7f3058cb15ff84614c", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c", + "shasum": "" + }, + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "type": "library", + "autoload": { + "files": [ + "lib/password.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Anthony Ferrara", + "email": "ircmaxell@php.net", + "homepage": "http://blog.ircmaxell.com" + } + ], + "description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash", + "homepage": "https://github.com/ircmaxell/password_compat", + "keywords": [ + "hashing", + "password" + ], + "time": "2014-11-20T16:49:30+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +} diff --git a/web/includes/actions/options.php b/web/includes/actions/options.php index 0c80bacf0..2f98b4a95 100644 --- a/web/includes/actions/options.php +++ b/web/includes/actions/options.php @@ -75,6 +75,7 @@ if ( $action == 'delete' ) { case 'config' : $restartWarning = true; break; + case 'API': case 'web' : case 'tools' : break; diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index af569627f..2b520cd10 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -28,8 +28,18 @@ if ( $action == 'user' ) { $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); - if ( $_REQUEST['newUser']['Password'] ) - $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')'; + if (function_exists ('password_hash')) { + $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; + } else { + $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; + ZM\Info ('Cannot use bcrypt as you are using PHP < 5.5'); + } + + if ( $_REQUEST['newUser']['Password'] ) { + $changes['Password'] = 'Password = '.$pass_hash; + ZM\Info ("PASS CMD=".$changes['Password']); + } + else unset($changes['Password']); @@ -53,8 +63,19 @@ if ( $action == 'user' ) { $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); - if ( !empty($_REQUEST['newUser']['Password']) ) - $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')'; + if (function_exists ('password_hash')) { + $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; + } else { + $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; + ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3'); + } + + + if ( !empty($_REQUEST['newUser']['Password']) ) { + ZM\Info ("PASS CMD=".$changes['Password']); + $changes['Password'] = 'Password = '.$pass_hash; + } + else unset($changes['Password']); if ( count($changes) ) { diff --git a/web/includes/auth.php b/web/includes/auth.php index 6b061f7fc..12199d878 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -19,8 +19,33 @@ // // require_once('session.php'); +require_once(__DIR__.'/../vendor/autoload.php'); -function userLogin($username='', $password='', $passwordHashed=false) { +use \Firebase\JWT\JWT; + +// this function migrates mysql hashing to bcrypt, if you are using PHP >= 5.5 +// will be called after successful login, only if mysql hashing is detected +function migrateHash($user, $pass) { + if ( function_exists('password_hash') ) { + ZM\Info("Migrating $user to bcrypt scheme"); + // let it generate its own salt, and ensure bcrypt as PASSWORD_DEFAULT may change later + // we can modify this later to support argon2 etc as switch to its own password signature detection + $bcrypt_hash = password_hash($pass, PASSWORD_BCRYPT); + //ZM\Info ("hased bcrypt $pass is $bcrypt_hash"); + $update_password_sql = 'UPDATE Users SET Password=\''.$bcrypt_hash.'\' WHERE Username=\''.$user.'\''; + ZM\Info($update_password_sql); + dbQuery($update_password_sql); + # Since password field has changed, existing auth_hash is no longer valid + generateAuthHash(ZM_AUTH_HASH_IPS, true); + } else { + ZM\Info('Cannot migrate password scheme to bcrypt, as you are using PHP < 5.3'); + return; + } +} + +// core function used to login a user to PHP. Is also used for cake sessions for the API +function userLogin($username='', $password='', $passwordHashed=false, $from_api_layer = false) { + global $user; if ( !$username and isset($_REQUEST['username']) ) @@ -29,8 +54,10 @@ function userLogin($username='', $password='', $passwordHashed=false) { $password = $_REQUEST['password']; // if true, a popup will display after login - // PP - lets validate reCaptcha if it exists - if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA') + // lets validate reCaptcha if it exists + // this only applies if it userLogin was not called from API layer + if ( !$from_api_layer + && defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') && ZM_OPT_USE_GOOG_RECAPTCHA @@ -44,17 +71,17 @@ function userLogin($username='', $password='', $passwordHashed=false) { 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $res = do_post_request($url, http_build_query($fields)); - $responseData = json_decode($res,true); - // PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php + $responseData = json_decode($res, true); + // credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php // if recaptcha resulted in error, we might have to deny login - if ( isset($responseData['success']) && $responseData['success'] == false ) { + if ( isset($responseData['success']) && ($responseData['success'] == false) ) { // PP - before we deny auth, let's make sure the error was not 'invalid secret' // because that means the user did not configure the secret key correctly // in this case, we prefer to let him login in and display a message to correct // the key. Unfortunately, there is no way to check for invalid site key in code // as it produces the same error as when you don't answer a recaptcha if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) { - if ( !in_array('invalid-input-secret',$responseData['error-codes']) ) { + if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) { Error('reCaptcha authentication failed'); return null; } else { @@ -64,28 +91,86 @@ function userLogin($username='', $password='', $passwordHashed=false) { } // end if success==false } // end if using reCaptcha - $sql = 'SELECT * FROM Users WHERE Enabled=1'; - $sql_values = NULL; - if ( ZM_AUTH_TYPE == 'builtin' ) { - if ( $passwordHashed ) { - $sql .= ' AND Username=? AND Password=?'; - } else { - $sql .= ' AND Username=? AND Password=password(?)'; + // coming here means we need to authenticate the user + // if captcha existed, it was passed + + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; + $sql_values = array($username); + + // First retrieve the stored password + // and move password hashing to application space + + $saved_user_details = dbFetchOne($sql, NULL, $sql_values); + $password_correct = false; + $password_type = NULL; + + if ( $saved_user_details ) { + + // if the API layer asked us to login, make sure the user + // has API enabled (admin may have banned API for this user) + + if ( $from_api_layer ) { + if ( $saved_user_details['APIEnabled'] != 1 ) { + ZM\Error("API disabled for: $username"); + $_SESSION['loginFailed'] = true; + unset($user); + return false; + } + } + + $saved_password = $saved_user_details['Password']; + if ( $saved_password[0] == '*' ) { + // We assume we don't need to support mysql < 4.1 + // Starting MY SQL 4.1, mysql concats a '*' in front of its password hash + // https://blog.pythian.com/hashing-algorithm-in-mysql-password-2/ + ZM\Logger::Debug('Saved password is using MYSQL password function'); + $input_password_hash = '*'.strtoupper(sha1(sha1($password, true))); + $password_correct = ($saved_password == $input_password_hash); + $password_type = 'mysql'; + + } else if ( preg_match('/^\$2[ayb]\$.+$/', $saved_password) ) { + ZM\Logger::Debug('bcrypt signature found, assumed bcrypt password'); + $password_type = 'bcrypt'; + $password_correct = $passwordHashed ? ($password == $saved_password) : password_verify($password, $saved_password); + } + // zmupdate.pl adds a '-ZM-' prefix to overlay encrypted passwords + // this is done so that we don't spend cycles doing two bcrypt password_verify calls + // for every wrong password entered. This will only be invoked for passwords zmupdate.pl has + // overlay hashed + else if ( substr($saved_password, 0,4) == '-ZM-' ) { + ZM\Logger::Debug("Detected bcrypt overlay hashing for $username"); + $bcrypt_hash = substr($saved_password, 4); + $mysql_encoded_password = '*'.strtoupper(sha1(sha1($password, true))); + ZM\Logger::Debug("Comparing password $mysql_encoded_password to bcrypt hash: $bcrypt_hash"); + $password_correct = password_verify($mysql_encoded_password, $bcrypt_hash); + $password_type = 'mysql'; // so we can migrate later down + } else { + // we really should nag the user not to use plain + ZM\Warning ('assuming plain text password as signature is not known. Please do not use plain, it is very insecure'); + $password_type = 'plain'; + $password_correct = ($saved_password == $password); } - $sql_values = array($username, $password); } else { - $sql .= ' AND Username=?'; - $sql_values = array($username); + ZM\Error("Could not retrieve user $username details"); + $_SESSION['loginFailed'] = true; + unset($user); + return false; } + $close_session = 0; if ( !is_session_started() ) { session_start(); $close_session = 1; } $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking - if ( $dbUser = dbFetchOne($sql, NULL, $sql_values) ) { + + if ( $password_correct ) { ZM\Info("Login successful for user \"$username\""); - $user = $dbUser; + $user = $saved_user_details; + if ( $password_type == 'mysql' ) { + ZM\Info('Migrating password, if possible for future logins'); + migrateHash($username, $password); + } unset($_SESSION['loginFailed']); if ( ZM_AUTH_TYPE == 'builtin' ) { $_SESSION['passwordHash'] = $user['Password']; @@ -113,7 +198,72 @@ function userLogout() { zm_session_clear(); } -function getAuthUser($auth) { + +function validateToken ($token, $allowed_token_type='access', $from_api_layer=false) { + + + global $user; + $key = ZM_AUTH_HASH_SECRET; + //if (ZM_AUTH_HASH_IPS) $key .= $_SERVER['REMOTE_ADDR']; + try { + $decoded_token = JWT::decode($token, $key, array('HS256')); + } catch (Exception $e) { + ZM\Error("Unable to authenticate user. error decoding JWT token:".$e->getMessage()); + + return array(false, $e->getMessage()); + } + + // convert from stdclass to array + $jwt_payload = json_decode(json_encode($decoded_token), true); + + $type = $jwt_payload['type']; + if ( $type != $allowed_token_type ) { + if ( $allowed_token_type == 'access' ) { + // give a hint that the user is not doing it right + ZM\Error('Please do not use refresh tokens for this operation'); + } + return array (false, 'Incorrect token type'); + } + + $username = $jwt_payload['user']; + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username = ?'; + $sql_values = array($username); + + $saved_user_details = dbFetchOne($sql, NULL, $sql_values); + + if ( $saved_user_details ) { + + if ($from_api_layer && $saved_user_details['APIEnabled'] == 0) { + // if from_api_layer is true, an additional check will be done + // to make sure APIs are enabled for this user. This is a good place + // to do it, since we are doing a DB dip here. + ZM\Error ("API is disabled for \"$username\""); + unset($user); + return array(false, 'API is disabled for user'); + + } + + $issuedAt = $jwt_payload['iat']; + $minIssuedAt = $saved_user_details['TokenMinExpiry']; + + if ( $issuedAt < $minIssuedAt ) { + ZM\Error("Token revoked for $username. Please generate a new token"); + $_SESSION['loginFailed'] = true; + unset($user); + return array(false, 'Token revoked. Please re-generate'); + } + + $user = $saved_user_details; + return array($user, 'OK'); + } else { + ZM\Error("Could not retrieve user $username details"); + $_SESSION['loginFailed'] = true; + unset($user); + return array(false, 'No such user/credentials'); + } +} // end function validateToken($token, $allowed_token_type='access') + +function getAuthUser($auth, $from_api_layer = false) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { $remoteAddr = ''; if ( ZM_AUTH_HASH_IPS ) { @@ -134,7 +284,8 @@ function getAuthUser($auth) { $sql = 'SELECT * FROM Users WHERE Enabled = 1'; } - foreach ( dbFetchAll($sql, NULL, $values) as $user ) { + foreach ( dbFetchAll($sql, NULL, $values) as $user ) + { $now = time(); for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= ZM_AUTH_HASH_TTL * 1800 ) { // Try for last two hours $time = localtime($now); @@ -142,7 +293,18 @@ function getAuthUser($auth) { $authHash = md5($authKey); if ( $auth == $authHash ) { - return $user; + if ($from_api_layer && $user['APIEnabled'] == 0) { + // if from_api_layer is true, an additional check will be done + // to make sure APIs are enabled for this user. This is a good place + // to do it, since we are doing a DB dip here. + ZM\Error ("API is disabled for \"".$user['Username']."\""); + unset($user); + return array(false, 'API is disabled for user'); + + } + else { + return $user; + } } } // end foreach hour } // end foreach user @@ -153,8 +315,9 @@ function getAuthUser($auth) { function generateAuthHash($useRemoteAddr, $force=false) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { - # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 $time = time(); + + $mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 ); if ( $force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) { @@ -216,9 +379,15 @@ if ( ZM_OPT_USE_AUTH ) { } if ( isset($_SESSION['username']) ) { - # Need to refresh permissions and validate that the user still exists - $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; - $user = dbFetchOne($sql, NULL, array($_SESSION['username'])); + if ( ZM_AUTH_HASH_LOGINS ) { + # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. + # This prevent session modification to switch users + $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); + } else { + # Need to refresh permissions and validate that the user still exists + $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; + $user = dbFetchOne($sql, NULL, array($_SESSION['username'])); + } } if ( ZM_AUTH_RELAY == 'plain' ) { @@ -234,6 +403,14 @@ if ( ZM_OPT_USE_AUTH ) { } else if ( isset($_REQUEST['username']) and isset($_REQUEST['password']) ) { userLogin($_REQUEST['username'], $_REQUEST['password'], false); } + + if (empty($user) && !empty($_REQUEST['token']) ) { + + $ret = validateToken($_REQUEST['token'], 'access'); + $user = $ret[0]; + } + + if ( !empty($user) ) { // generate it once here, while session is open. Value will be cached in session and return when called later on generateAuthHash(ZM_AUTH_HASH_IPS); diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 72d6de8ab..1fdd112e0 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -102,8 +102,10 @@ $SLANG = array( 'AlarmRGBUnset' => 'You must set an alarm RGB colour', 'Alert' => 'Alert', 'All' => 'All', + 'AllTokensRevoked' => 'All Tokens Revoked', 'AnalysisFPS' => 'Analysis FPS', 'AnalysisUpdateDelay' => 'Analysis Update Delay', + 'API' => 'API', 'Apply' => 'Apply', 'ApplyingStateChange' => 'Applying State Change', 'ArchArchived' => 'Archived Only', @@ -420,6 +422,7 @@ $SLANG = array( 'Images' => 'Images', 'Include' => 'Include', 'In' => 'In', + 'InvalidateTokens' => 'Invalidate all generated tokens', 'Inverted' => 'Inverted', 'Iris' => 'Iris', 'KeyString' => 'Key String', @@ -658,6 +661,7 @@ $SLANG = array( 'RestrictedMonitors' => 'Restricted Monitors', 'ReturnDelay' => 'Return Delay', 'ReturnLocation' => 'Return Location', + 'RevokeAllTokens' => 'Revoke All Tokens', 'Rewind' => 'Rewind', 'RotateLeft' => 'Rotate Left', 'RotateRight' => 'Rotate Right', diff --git a/web/skins/classic/css/base/skin.css b/web/skins/classic/css/base/skin.css index 069952d40..99692bff6 100644 --- a/web/skins/classic/css/base/skin.css +++ b/web/skins/classic/css/base/skin.css @@ -350,10 +350,53 @@ fieldset > legend { .alert, .warnText, .warning, .disabledText { color: #ffa801; } + + .alarm, .errorText, .error { color: #ff3f34; } +.timedErrorBox { + color:white; + background:#e74c3c; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +/* + the timed classed auto disappear after 5s +*/ +.timedWarningBox { + color:white; + background:#e67e22; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +.timedSuccessBox { + color:white; + background:#27ae60; + border-radius:5px; + padding:5px; + -moz-animation: inAndOut 5s ease-in forwards; + -webkit-animation: inAndOut 5s ease-in forwards; + animation: inAndOut 5s ease-in forwards; +} + +@keyframes inAndOut { + 0% {opacity:0;} + 10% {opacity:1;} + 90% {opacity:1;} + 100% {opacity:0;} +} + + .fakelink { color: #7f7fb2; cursor: pointer; diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index f7440d92e..b0ac2af1b 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -29,6 +29,7 @@ $tabs = array(); $tabs['skins'] = translate('Display'); $tabs['system'] = translate('System'); $tabs['config'] = translate('Config'); +$tabs['API'] = translate('API'); $tabs['servers'] = translate('Servers'); $tabs['storage'] = translate('Storage'); $tabs['web'] = translate('Web'); @@ -133,7 +134,8 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI -
@@ -309,8 +311,87 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
-APIs are disabled. To enable, please turn on OPT_USE_API in Options->System"; + } + else { + ?> + +
+
+ + ".translate('AllTokensRevoked').""; + } + + function updateSelected() + { + dbQuery("UPDATE Users SET APIEnabled=0"); + foreach( $_REQUEST["tokenUids"] as $markUid ) { + $minTime = time(); + dbQuery('UPDATE Users SET TokenMinExpiry=? WHERE Id=?', array($minTime, $markUid)); + } + foreach( $_REQUEST["apiUids"] as $markUid ) { + dbQuery('UPDATE Users SET APIEnabled=1 WHERE Id=?', array($markUid)); + + } + echo "".translate('Updated').""; + } + + if(array_key_exists('revokeAllTokens',$_POST)){ + revokeAllTokens(); + } + + if(array_key_exists('updateSelected',$_POST)){ + updateSelected(); + } + ?> + + +

+ + + + + + + + + + + + + + + + + + + + +
/>
+
+ + + +
@@ -431,6 +513,8 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI } ?> + + diff --git a/web/vendor/autoload.php b/web/vendor/autoload.php new file mode 100644 index 000000000..034205792 --- /dev/null +++ b/web/vendor/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see http://www.php-fig.org/psr/psr-0/ + * @see http://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', $this->prefixesPsr0); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath.'\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/web/vendor/composer/LICENSE b/web/vendor/composer/LICENSE new file mode 100644 index 000000000..f0157a6ed --- /dev/null +++ b/web/vendor/composer/LICENSE @@ -0,0 +1,56 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Composer +Upstream-Contact: Jordi Boggiano +Source: https://github.com/composer/composer + +Files: * +Copyright: 2016, Nils Adermann + 2016, Jordi Boggiano +License: Expat + +Files: src/Composer/Util/TlsHelper.php +Copyright: 2016, Nils Adermann + 2016, Jordi Boggiano + 2013, Evan Coury +License: Expat and BSD-2-Clause + +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is furnished + to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. diff --git a/web/vendor/composer/autoload_classmap.php b/web/vendor/composer/autoload_classmap.php new file mode 100644 index 000000000..7a91153b0 --- /dev/null +++ b/web/vendor/composer/autoload_classmap.php @@ -0,0 +1,9 @@ + $vendorDir . '/ircmaxell/password-compat/lib/password.php', +); diff --git a/web/vendor/composer/autoload_namespaces.php b/web/vendor/composer/autoload_namespaces.php new file mode 100644 index 000000000..b7fc0125d --- /dev/null +++ b/web/vendor/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/firebase/php-jwt/src'), +); diff --git a/web/vendor/composer/autoload_real.php b/web/vendor/composer/autoload_real.php new file mode 100644 index 000000000..6d63dc4f7 --- /dev/null +++ b/web/vendor/composer/autoload_real.php @@ -0,0 +1,70 @@ += 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); + if ($useStaticLoader) { + require_once __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::getInitializer($loader)); + } else { + $map = require __DIR__ . '/autoload_namespaces.php'; + foreach ($map as $namespace => $path) { + $loader->set($namespace, $path); + } + + $map = require __DIR__ . '/autoload_psr4.php'; + foreach ($map as $namespace => $path) { + $loader->setPsr4($namespace, $path); + } + + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->register(true); + + if ($useStaticLoader) { + $includeFiles = Composer\Autoload\ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$files; + } else { + $includeFiles = require __DIR__ . '/autoload_files.php'; + } + foreach ($includeFiles as $fileIdentifier => $file) { + composerRequire254e25e69fe049d603f41f5fd853ef2b($fileIdentifier, $file); + } + + return $loader; + } +} + +function composerRequire254e25e69fe049d603f41f5fd853ef2b($fileIdentifier, $file) +{ + if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { + require $file; + + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; + } +} diff --git a/web/vendor/composer/autoload_static.php b/web/vendor/composer/autoload_static.php new file mode 100644 index 000000000..980a5a0d7 --- /dev/null +++ b/web/vendor/composer/autoload_static.php @@ -0,0 +1,35 @@ + __DIR__ . '/..' . '/ircmaxell/password-compat/lib/password.php', + ); + + public static $prefixLengthsPsr4 = array ( + 'F' => + array ( + 'Firebase\\JWT\\' => 13, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'Firebase\\JWT\\' => + array ( + 0 => __DIR__ . '/..' . '/firebase/php-jwt/src', + ), + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInit254e25e69fe049d603f41f5fd853ef2b::$prefixDirsPsr4; + + }, null, ClassLoader::class); + } +} diff --git a/web/vendor/composer/installed.json b/web/vendor/composer/installed.json new file mode 100644 index 000000000..0e2ed23cf --- /dev/null +++ b/web/vendor/composer/installed.json @@ -0,0 +1,94 @@ +[ + { + "name": "firebase/php-jwt", + "version": "v5.0.0", + "version_normalized": "5.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + }, + "time": "2017-06-27T22:17:23+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt" + }, + { + "name": "ircmaxell/password-compat", + "version": "v1.0.4", + "version_normalized": "1.0.4.0", + "source": { + "type": "git", + "url": "https://github.com/ircmaxell/password_compat.git", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ircmaxell/password_compat/zipball/5c5cde8822a69545767f7c7f3058cb15ff84614c", + "reference": "5c5cde8822a69545767f7c7f3058cb15ff84614c", + "shasum": "" + }, + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "time": "2014-11-20T16:49:30+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "files": [ + "lib/password.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Anthony Ferrara", + "email": "ircmaxell@php.net", + "homepage": "http://blog.ircmaxell.com" + } + ], + "description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash", + "homepage": "https://github.com/ircmaxell/password_compat", + "keywords": [ + "hashing", + "password" + ] + } +] diff --git a/web/vendor/firebase/php-jwt/LICENSE b/web/vendor/firebase/php-jwt/LICENSE new file mode 100644 index 000000000..cb0c49b33 --- /dev/null +++ b/web/vendor/firebase/php-jwt/LICENSE @@ -0,0 +1,30 @@ +Copyright (c) 2011, Neuman Vong + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Neuman Vong nor the names of other + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/web/vendor/firebase/php-jwt/README.md b/web/vendor/firebase/php-jwt/README.md new file mode 100644 index 000000000..b1a7a3a20 --- /dev/null +++ b/web/vendor/firebase/php-jwt/README.md @@ -0,0 +1,200 @@ +[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) +[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) +[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) +[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) + +PHP-JWT +======= +A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). + +Installation +------------ + +Use composer to manage your dependencies and download PHP-JWT: + +```bash +composer require firebase/php-jwt +``` + +Example +------- +```php + "http://example.org", + "aud" => "http://example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +/** + * IMPORTANT: + * You must specify supported algorithms for your application. See + * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 + * for a list of spec-compliant algorithms. + */ +$jwt = JWT::encode($token, $key); +$decoded = JWT::decode($jwt, $key, array('HS256')); + +print_r($decoded); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; + +/** + * You can add a leeway to account for when there is a clock skew times between + * the signing and verifying servers. It is recommended that this leeway should + * not be bigger than a few minutes. + * + * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef + */ +JWT::$leeway = 60; // $leeway in seconds +$decoded = JWT::decode($jwt, $key, array('HS256')); + +?> +``` +Example with RS256 (openssl) +---------------------------- +```php + "example.org", + "aud" => "example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +$jwt = JWT::encode($token, $privateKey, 'RS256'); +echo "Encode:\n" . print_r($jwt, true) . "\n"; + +$decoded = JWT::decode($jwt, $publicKey, array('RS256')); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; +echo "Decode:\n" . print_r($decoded_array, true) . "\n"; +?> +``` + +Changelog +--------- + +#### 5.0.0 / 2017-06-26 +- Support RS384 and RS512. + See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! +- Add an example for RS256 openssl. + See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! +- Detect invalid Base64 encoding in signature. + See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! +- Update `JWT::verify` to handle OpenSSL errors. + See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! +- Add `array` type hinting to `decode` method + See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! +- Add all JSON error types. + See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! +- Bugfix 'kid' not in given key list. + See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! +- Miscellaneous cleanup, documentation and test fixes. + See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115), + [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and + [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), + [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! + +#### 4.0.0 / 2016-07-17 +- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! +- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! +- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! +- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! + +#### 3.0.0 / 2015-07-22 +- Minimum PHP version updated from `5.2.0` to `5.3.0`. +- Add `\Firebase\JWT` namespace. See +[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to +[@Dashron](https://github.com/Dashron)! +- Require a non-empty key to decode and verify a JWT. See +[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to +[@sjones608](https://github.com/sjones608)! +- Cleaner documentation blocks in the code. See +[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to +[@johanderuijter](https://github.com/johanderuijter)! + +#### 2.2.0 / 2015-06-22 +- Add support for adding custom, optional JWT headers to `JWT::encode()`. See +[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to +[@mcocaro](https://github.com/mcocaro)! + +#### 2.1.0 / 2015-05-20 +- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew +between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! +- Add support for passing an object implementing the `ArrayAccess` interface for +`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! + +#### 2.0.0 / 2015-04-01 +- **Note**: It is strongly recommended that you update to > v2.0.0 to address + known security vulnerabilities in prior versions when both symmetric and + asymmetric keys are used together. +- Update signature for `JWT::decode(...)` to require an array of supported + algorithms to use when verifying token signatures. + + +Tests +----- +Run the tests using phpunit: + +```bash +$ pear install PHPUnit +$ phpunit --configuration phpunit.xml.dist +PHPUnit 3.7.10 by Sebastian Bergmann. +..... +Time: 0 seconds, Memory: 2.50Mb +OK (5 tests, 5 assertions) +``` + +New Lines in private keys +----- + +If your private key contains `\n` characters, be sure to wrap it in double quotes `""` +and not single quotes `''` in order to properly interpret the escaped characters. + +License +------- +[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). diff --git a/web/vendor/firebase/php-jwt/composer.json b/web/vendor/firebase/php-jwt/composer.json new file mode 100644 index 000000000..b76ffd191 --- /dev/null +++ b/web/vendor/firebase/php-jwt/composer.json @@ -0,0 +1,29 @@ +{ + "name": "firebase/php-jwt", + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "license": "BSD-3-Clause", + "require": { + "php": ">=5.3.0" + }, + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "require-dev": { + "phpunit/phpunit": " 4.8.35" + } +} diff --git a/web/vendor/firebase/php-jwt/src/BeforeValidException.php b/web/vendor/firebase/php-jwt/src/BeforeValidException.php new file mode 100644 index 000000000..a6ee2f7c6 --- /dev/null +++ b/web/vendor/firebase/php-jwt/src/BeforeValidException.php @@ -0,0 +1,7 @@ + + * @author Anant Narayanan + * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD + * @link https://github.com/firebase/php-jwt + */ +class JWT +{ + + /** + * When checking nbf, iat or expiration times, + * we want to provide some extra leeway time to + * account for clock skew. + */ + public static $leeway = 0; + + /** + * Allow the current timestamp to be specified. + * Useful for fixing a value within unit testing. + * + * Will default to PHP time() value if null. + */ + public static $timestamp = null; + + public static $supported_algs = array( + 'HS256' => array('hash_hmac', 'SHA256'), + 'HS512' => array('hash_hmac', 'SHA512'), + 'HS384' => array('hash_hmac', 'SHA384'), + 'RS256' => array('openssl', 'SHA256'), + 'RS384' => array('openssl', 'SHA384'), + 'RS512' => array('openssl', 'SHA512'), + ); + + /** + * Decodes a JWT string into a PHP object. + * + * @param string $jwt The JWT + * @param string|array $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return object The JWT's payload as a PHP object + * + * @throws UnexpectedValueException Provided JWT was invalid + * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed + * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' + * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' + * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim + * + * @uses jsonDecode + * @uses urlsafeB64Decode + */ + public static function decode($jwt, $key, array $allowed_algs = array()) + { + $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; + + if (empty($key)) { + throw new InvalidArgumentException('Key may not be empty'); + } + $tks = explode('.', $jwt); + if (count($tks) != 3) { + throw new UnexpectedValueException('Wrong number of segments'); + } + list($headb64, $bodyb64, $cryptob64) = $tks; + if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) { + throw new UnexpectedValueException('Invalid header encoding'); + } + if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { + throw new UnexpectedValueException('Invalid claims encoding'); + } + if (false === ($sig = static::urlsafeB64Decode($cryptob64))) { + throw new UnexpectedValueException('Invalid signature encoding'); + } + if (empty($header->alg)) { + throw new UnexpectedValueException('Empty algorithm'); + } + if (empty(static::$supported_algs[$header->alg])) { + throw new UnexpectedValueException('Algorithm not supported'); + } + if (!in_array($header->alg, $allowed_algs)) { + throw new UnexpectedValueException('Algorithm not allowed'); + } + if (is_array($key) || $key instanceof \ArrayAccess) { + if (isset($header->kid)) { + if (!isset($key[$header->kid])) { + throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); + } + $key = $key[$header->kid]; + } else { + throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); + } + } + + // Check the signature + if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { + throw new SignatureInvalidException('Signature verification failed'); + } + + // Check if the nbf if it is defined. This is the time that the + // token can actually be used. If it's not yet that time, abort. + if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + ); + } + + // Check that this token has been created before 'now'. This prevents + // using tokens that have been created for later use (and haven't + // correctly used the nbf claim). + if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + ); + } + + // Check if this token has expired. + if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) { + throw new ExpiredException('Expired token'); + } + + return $payload; + } + + /** + * Converts and signs a PHP object or array into a JWT string. + * + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param mixed $keyId + * @param array $head An array with header elements to attach + * + * @return string A signed JWT + * + * @uses jsonEncode + * @uses urlsafeB64Encode + */ + public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) + { + $header = array('typ' => 'JWT', 'alg' => $alg); + if ($keyId !== null) { + $header['kid'] = $keyId; + } + if ( isset($head) && is_array($head) ) { + $header = array_merge($head, $header); + } + $segments = array(); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); + $signing_input = implode('.', $segments); + + $signature = static::sign($signing_input, $key, $alg); + $segments[] = static::urlsafeB64Encode($signature); + + return implode('.', $segments); + } + + /** + * Sign a string with a given key and algorithm. + * + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return string An encrypted message + * + * @throws DomainException Unsupported algorithm was specified + */ + public static function sign($msg, $key, $alg = 'HS256') + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'hash_hmac': + return hash_hmac($algorithm, $msg, $key, true); + case 'openssl': + $signature = ''; + $success = openssl_sign($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to sign data"); + } else { + return $signature; + } + } + } + + /** + * Verify a signature with the message, key and method. Not all methods + * are symmetric, so we must have a separate verify and sign method. + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * + * @return bool + * + * @throws DomainException Invalid Algorithm or OpenSSL failure + */ + private static function verify($msg, $signature, $key, $alg) + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'openssl': + $success = openssl_verify($msg, $signature, $key, $algorithm); + if ($success === 1) { + return true; + } elseif ($success === 0) { + return false; + } + // returns 1 on success, 0 on failure, -1 on error. + throw new DomainException( + 'OpenSSL error: ' . openssl_error_string() + ); + case 'hash_hmac': + default: + $hash = hash_hmac($algorithm, $msg, $key, true); + if (function_exists('hash_equals')) { + return hash_equals($signature, $hash); + } + $len = min(static::safeStrlen($signature), static::safeStrlen($hash)); + + $status = 0; + for ($i = 0; $i < $len; $i++) { + $status |= (ord($signature[$i]) ^ ord($hash[$i])); + } + $status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash)); + + return ($status === 0); + } + } + + /** + * Decode a JSON string into a PHP object. + * + * @param string $input JSON string + * + * @return object Object representation of JSON string + * + * @throws DomainException Provided string was invalid JSON + */ + public static function jsonDecode($input) + { + if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { + /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you + * to specify that large ints (like Steam Transaction IDs) should be treated as + * strings, rather than the PHP default behaviour of converting them to floats. + */ + $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); + } else { + /** Not all servers will support that, however, so for older versions we must + * manually detect large ints in the JSON string and quote them (thus converting + *them to strings) before decoding, hence the preg_replace() call. + */ + $max_int_length = strlen((string) PHP_INT_MAX) - 1; + $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $obj = json_decode($json_without_bigints); + } + + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($obj === null && $input !== 'null') { + throw new DomainException('Null result with non-null input'); + } + return $obj; + } + + /** + * Encode a PHP object into a JSON string. + * + * @param object|array $input A PHP object or array + * + * @return string JSON representation of the PHP object or array + * + * @throws DomainException Provided object could not be encoded to valid JSON + */ + public static function jsonEncode($input) + { + $json = json_encode($input); + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($json === 'null' && $input !== null) { + throw new DomainException('Null result with non-null input'); + } + return $json; + } + + /** + * Decode a string with URL-safe Base64. + * + * @param string $input A Base64 encoded string + * + * @return string A decoded string + */ + public static function urlsafeB64Decode($input) + { + $remainder = strlen($input) % 4; + if ($remainder) { + $padlen = 4 - $remainder; + $input .= str_repeat('=', $padlen); + } + return base64_decode(strtr($input, '-_', '+/')); + } + + /** + * Encode a string with URL-safe Base64. + * + * @param string $input The string you want encoded + * + * @return string The base64 encode of what you passed in + */ + public static function urlsafeB64Encode($input) + { + return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); + } + + /** + * Helper method to create a JSON error. + * + * @param int $errno An error number from json_last_error() + * + * @return void + */ + private static function handleJsonError($errno) + { + $messages = array( + JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', + JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON', + JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', + JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3 + ); + throw new DomainException( + isset($messages[$errno]) + ? $messages[$errno] + : 'Unknown JSON error: ' . $errno + ); + } + + /** + * Get the number of bytes in cryptographic strings. + * + * @param string + * + * @return int + */ + private static function safeStrlen($str) + { + if (function_exists('mb_strlen')) { + return mb_strlen($str, '8bit'); + } + return strlen($str); + } +} diff --git a/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php b/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php new file mode 100644 index 000000000..27332b21b --- /dev/null +++ b/web/vendor/firebase/php-jwt/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ + + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @copyright 2012 The Authors + */ + +namespace { + + if (!defined('PASSWORD_BCRYPT')) { + /** + * PHPUnit Process isolation caches constants, but not function declarations. + * So we need to check if the constants are defined separately from + * the functions to enable supporting process isolation in userland + * code. + */ + define('PASSWORD_BCRYPT', 1); + define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); + define('PASSWORD_BCRYPT_DEFAULT_COST', 10); + } + + if (!function_exists('password_hash')) { + + /** + * Hash the password using the specified algorithm + * + * @param string $password The password to hash + * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) + * @param array $options The options for the algorithm to use + * + * @return string|false The hashed password, or false on error. + */ + function password_hash($password, $algo, array $options = array()) { + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); + return null; + } + if (is_null($password) || is_int($password)) { + $password = (string) $password; + } + if (!is_string($password)) { + trigger_error("password_hash(): Password must be a string", E_USER_WARNING); + return null; + } + if (!is_int($algo)) { + trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); + return null; + } + $resultLength = 0; + switch ($algo) { + case PASSWORD_BCRYPT: + $cost = PASSWORD_BCRYPT_DEFAULT_COST; + if (isset($options['cost'])) { + $cost = $options['cost']; + if ($cost < 4 || $cost > 31) { + trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); + return null; + } + } + // The length of salt to generate + $raw_salt_len = 16; + // The length required in the final serialization + $required_salt_len = 22; + $hash_format = sprintf("$2y$%02d$", $cost); + // The expected length of the final crypt() output + $resultLength = 60; + break; + default: + trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); + return null; + } + $salt_requires_encoding = false; + if (isset($options['salt'])) { + switch (gettype($options['salt'])) { + case 'NULL': + case 'boolean': + case 'integer': + case 'double': + case 'string': + $salt = (string) $options['salt']; + break; + case 'object': + if (method_exists($options['salt'], '__tostring')) { + $salt = (string) $options['salt']; + break; + } + case 'array': + case 'resource': + default: + trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); + return null; + } + if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { + trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); + return null; + } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { + $salt_requires_encoding = true; + } + } else { + $buffer = ''; + $buffer_valid = false; + if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { + $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { + $buffer = openssl_random_pseudo_bytes($raw_salt_len); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && @is_readable('/dev/urandom')) { + $f = fopen('/dev/urandom', 'r'); + $read = PasswordCompat\binary\_strlen($buffer); + while ($read < $raw_salt_len) { + $buffer .= fread($f, $raw_salt_len - $read); + $read = PasswordCompat\binary\_strlen($buffer); + } + fclose($f); + if ($read >= $raw_salt_len) { + $buffer_valid = true; + } + } + if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { + $bl = PasswordCompat\binary\_strlen($buffer); + for ($i = 0; $i < $raw_salt_len; $i++) { + if ($i < $bl) { + $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); + } else { + $buffer .= chr(mt_rand(0, 255)); + } + } + } + $salt = $buffer; + $salt_requires_encoding = true; + } + if ($salt_requires_encoding) { + // encode string with the Base64 variant used by crypt + $base64_digits = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + $bcrypt64_digits = + './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + + $base64_string = base64_encode($salt); + $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); + } + $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); + + $hash = $hash_format . $salt; + + $ret = crypt($password, $hash); + + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) { + return false; + } + + return $ret; + } + + /** + * Get information about the password hash. Returns an array of the information + * that was used to generate the password hash. + * + * array( + * 'algo' => 1, + * 'algoName' => 'bcrypt', + * 'options' => array( + * 'cost' => PASSWORD_BCRYPT_DEFAULT_COST, + * ), + * ) + * + * @param string $hash The password hash to extract info from + * + * @return array The array of information about the hash. + */ + function password_get_info($hash) { + $return = array( + 'algo' => 0, + 'algoName' => 'unknown', + 'options' => array(), + ); + if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { + $return['algo'] = PASSWORD_BCRYPT; + $return['algoName'] = 'bcrypt'; + list($cost) = sscanf($hash, "$2y$%d$"); + $return['options']['cost'] = $cost; + } + return $return; + } + + /** + * Determine if the password hash needs to be rehashed according to the options provided + * + * If the answer is true, after validating the password using password_verify, rehash it. + * + * @param string $hash The hash to test + * @param int $algo The algorithm used for new password hashes + * @param array $options The options array passed to password_hash + * + * @return boolean True if the password needs to be rehashed. + */ + function password_needs_rehash($hash, $algo, array $options = array()) { + $info = password_get_info($hash); + if ($info['algo'] != $algo) { + return true; + } + switch ($algo) { + case PASSWORD_BCRYPT: + $cost = isset($options['cost']) ? $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; + if ($cost != $info['options']['cost']) { + return true; + } + break; + } + return false; + } + + /** + * Verify a password against a hash using a timing attack resistant approach + * + * @param string $password The password to verify + * @param string $hash The hash to verify against + * + * @return boolean If the password matches the hash + */ + function password_verify($password, $hash) { + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); + return false; + } + $ret = crypt($password, $hash); + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) { + return false; + } + + $status = 0; + for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { + $status |= (ord($ret[$i]) ^ ord($hash[$i])); + } + + return $status === 0; + } + } + +} + +namespace PasswordCompat\binary { + + if (!function_exists('PasswordCompat\\binary\\_strlen')) { + + /** + * Count the number of bytes in a string + * + * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. + * In this case, strlen() will count the number of *characters* based on the internal encoding. A + * sequence of bytes might be regarded as a single multibyte character. + * + * @param string $binary_string The input string + * + * @internal + * @return int The number of bytes + */ + function _strlen($binary_string) { + if (function_exists('mb_strlen')) { + return mb_strlen($binary_string, '8bit'); + } + return strlen($binary_string); + } + + /** + * Get a substring based on byte limits + * + * @see _strlen() + * + * @param string $binary_string The input string + * @param int $start + * @param int $length + * + * @internal + * @return string The substring + */ + function _substr($binary_string, $start, $length) { + if (function_exists('mb_substr')) { + return mb_substr($binary_string, $start, $length, '8bit'); + } + return substr($binary_string, $start, $length); + } + + /** + * Check if current PHP version is compatible with the library + * + * @return boolean the check result + */ + function check() { + static $pass = NULL; + + if (is_null($pass)) { + if (function_exists('crypt')) { + $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG'; + $test = crypt("password", $hash); + $pass = $test == $hash; + } else { + $pass = false; + } + } + return $pass; + } + + } +} \ No newline at end of file diff --git a/web/vendor/ircmaxell/password-compat/version-test.php b/web/vendor/ircmaxell/password-compat/version-test.php new file mode 100644 index 000000000..96f60ca8d --- /dev/null +++ b/web/vendor/ircmaxell/password-compat/version-test.php @@ -0,0 +1,6 @@ + Date: Fri, 24 May 2019 13:53:24 -0400 Subject: [PATCH 115/360] Add shutdown capability (#2575) * Add Config for showing a system shutdown/restart option * Add a translation for Shutdown * add a shutdown power button to the navbar * but the shutdown icon in a navbar-txt * set width and height of shutdown window * Add instructions for enabling the web user to run shutdown * add the shutdown view and actions --- .../lib/ZoneMinder/ConfigData.pm.in | 12 ++++ web/includes/actions/shutdown.php | 44 ++++++++++++ web/lang/en_gb.php | 1 + web/skins/classic/includes/functions.php | 7 +- web/skins/classic/js/base.js | 1 + web/skins/classic/views/shutdown.php | 69 +++++++++++++++++++ 6 files changed, 132 insertions(+), 2 deletions(-) create mode 100644 web/includes/actions/shutdown.php create mode 100644 web/skins/classic/views/shutdown.php diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index d133b3eaf..c848441e8 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -473,6 +473,18 @@ our @options = ( type => $types{string}, category => 'system', }, + { + name => 'ZM_SYSTEM_SHUTDOWN', + default => 'true', + description => 'Allow Admin users to power off or restart the system from the ZoneMinder UI.', + help => 'The system will need to have sudo installed and the following added to /etc/sudoers~~ + ~~ + @ZM_WEB_USER@ ALL=NOPASSWD: /sbin/shutdown~~ + ~~ + to perform the shutdown or reboot', + type => $types{boolean}, + category => 'system', + }, { name => 'ZM_USE_DEEP_STORAGE', default => 'yes', diff --git a/web/includes/actions/shutdown.php b/web/includes/actions/shutdown.php new file mode 100644 index 000000000..f6d31b4f4 --- /dev/null +++ b/web/includes/actions/shutdown.php @@ -0,0 +1,44 @@ +&1", $output, $rc); + #exec('sudo -n /bin/systemctl poweroff -i 2>&1', $output, $rc); + ZM\Logger::Debug("Shutdown output $rc " . implode("\n",$output)); + #ZM\Logger::Debug("Shutdown output " . shell_exec('/bin/systemctl poweroff -i 2>&1')); + } else if ( $action == 'restart' ) { + $output = array(); + exec("sudo -n /sbin/shutdown -r $when 2>&1", $output); + #exec('sudo -n /bin/systemctl reboot -i 2>&1', $output); + ZM\Logger::Debug("Shutdown output " . implode("\n",$output)); + } else if ( $action == 'cancel' ) { + $output = array(); + exec('sudo /sbin/shutdown -c 2>&1', $output); + } +} # end if action +?> diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 1fdd112e0..cb5037045 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -693,6 +693,7 @@ $SLANG = array( 'Settings' => 'Settings', 'ShowFilterWindow' => 'Show Filter Window', 'ShowTimeline' => 'Show Timeline', + 'Shutdown' => 'Shutdown', 'SignalCheckColour' => 'Signal Check Colour', 'SignalCheckPoints' => 'Signal Check Points', 'Size' => 'Size', diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index 40bf18b30..d0ce75abb 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -328,10 +328,13 @@ if (isset($_REQUEST['filter']['Query']['terms']['attr'])) {

account_circle

- - + +

+ power_settings_new' ) ?> +

+

diff --git a/web/skins/classic/js/base.js b/web/skins/classic/js/base.js index b0a28dc96..5d044f229 100644 --- a/web/skins/classic/js/base.js +++ b/web/skins/classic/js/base.js @@ -60,6 +60,7 @@ var popupSizes = { 'preset': {'width': 300, 'height': 220}, 'server': {'width': 600, 'height': 405}, 'settings': {'width': 220, 'height': 235}, + 'shutdown': {'width': 400, 'height': 400}, 'state': {'width': 400, 'height': 170}, 'stats': {'width': 840, 'height': 200}, 'storage': {'width': 600, 'height': 405}, diff --git a/web/skins/classic/views/shutdown.php b/web/skins/classic/views/shutdown.php new file mode 100644 index 000000000..5e032cd1c --- /dev/null +++ b/web/skins/classic/views/shutdown.php @@ -0,0 +1,69 @@ + + +
+ +
+
+ +'.implode('
', $output).'

'; + } + if ( isset($_POST['when']) and ($_POST['when'] != 'NOW') and ($action != 'cancel') ) { + echo '

You may cancel this shutdown by clicking '.translate('Cancel').'

'; + } +?> +

Warning

+ This command will either shutdown or restart all ZoneMinder Servers
+

+

+ + +

+
+ + + + + + +
+
+
+
+ + From 4b1284b8ad07a8ebc361b8182ef0778e2d50bea8 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 13:57:40 -0400 Subject: [PATCH 116/360] fix merge --- distros/ubuntu1604/control | 4 ---- 1 file changed, 4 deletions(-) diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index 2ff4b916a..dac96fb16 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -79,11 +79,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,rsyslog | system-log-daemon ,zip ,libpcre3 -<<<<<<< HEAD ,libssl | libssl1.0.0 | libssl1.1 -======= - ,libssl | libssl1.0.0 ->>>>>>> 34400419e8384ab7c130b47d46fe90d2337ee5c2 ,libcrypt-eksblowfish-perl ,libdata-entropy-perl Recommends: ${misc:Recommends} From 3b5b63d9cb93dc41a87087b75f2a3b929d4b0ed3 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 14:09:46 -0400 Subject: [PATCH 117/360] add libx264-155 to possible dependencies. Fixes #2596 --- distros/ubuntu1604/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index dac96fb16..7926fc346 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -45,7 +45,7 @@ Package: zoneminder Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,javascript-common - ,libmp4v2-2, libx264-142|libx264-148|libx264-152 + ,libmp4v2-2, libx264-142|libx264-148|libx264-152|libx264-155 ,libswscale-ffmpeg3|libswscale4|libswscale3|libswscale5 ,libswresample2|libswresample3|libswresample24|libswresample-ffmpeg1 ,ffmpeg | libav-tools From 0c00752ab46e42194d6990fdd0571188231f0848 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 14:51:08 -0400 Subject: [PATCH 118/360] fix nextFid and prevFid when using bulk frames. Disable buttons instead of removing them entirely. --- web/skins/classic/views/frame.php | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/web/skins/classic/views/frame.php b/web/skins/classic/views/frame.php index 7aca36bc9..9abe1d338 100644 --- a/web/skins/classic/views/frame.php +++ b/web/skins/classic/views/frame.php @@ -44,8 +44,8 @@ $Frame = new ZM\Frame($frame); $maxFid = $Event->Frames(); $firstFid = 1; -$prevFid = $Frame->FrameId()-1; -$nextFid = $Frame->FrameId()+1; +$prevFid = dbFetchOne('SELECT MAX(FrameId) AS FrameId FROM Frames WHERE EventId = ? AND FrameId < ?', 'FrameId', array($eid, $fid) ); +$nextFid = dbFetchOne('SELECT MIN(FrameId) AS FrameId FROM Frames WHERE EventId = ? AND FrameId > ?', 'FrameId', array($eid, $fid) ); $lastFid = $maxFid; $alarmFrame = $Frame->Type() == 'Alarm'; @@ -108,16 +108,14 @@ xhtmlHeaders(__FILE__, translate('Frame').' - '.$Event->Id().' - '.$Frame->Frame

-

-FrameId() > 1 ) { ?> - - FrameId() < $maxFid ) { ?> - - - + $frame_url_base = '?view=frame&eid='.$Event->Id().'&scale='.$scale.'&show='.$show.'&fid='; +?> +

+ FrameId() > 1 ) ? 'href="'.$frame_url_base.$firstFid.'" class="btn-primary"' : 'class="btn-primary disabled"') ?>> + FrameId() > 1 ) ? 'href="'.$frame_url_base.$prevFid.'" class="btn-primary"' : 'class="btn-primary disabled"' ?>> + FrameId() < $maxFid ) ? 'href="'.$frame_url_base.$nextFid.'" class="btn-primary"' : 'class="btn-primary disabled"' ?>> + FrameId() < $maxFid ) ? 'href="'.$frame_url_base.$lastFid .'" class="btn-primary"' : 'class="btn-primary disabled"' ?>>

From d5b29923a4dc4d5e24848cb727ade86eb9a691b5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 14:51:39 -0400 Subject: [PATCH 119/360] add a.disabled css style --- web/skins/classic/css/base/skin.css | 1 + 1 file changed, 1 insertion(+) diff --git a/web/skins/classic/css/base/skin.css b/web/skins/classic/css/base/skin.css index 99692bff6..1dfd6ea90 100644 --- a/web/skins/classic/css/base/skin.css +++ b/web/skins/classic/css/base/skin.css @@ -589,6 +589,7 @@ input[type=submit]:hover, button:disabled, input[type=button]:disabled, input[type=submit]:disabled, + a.disabled, .btn-primary:disabled { background-color: #aaaaaa; border-color: #bbbbbb; From 4765b9d936cc1d2048b778bd211b7227eb91d2bd Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 14:52:04 -0400 Subject: [PATCH 120/360] Don't generate php errors when returned row doesn't have the specified column --- web/includes/database.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/includes/database.php b/web/includes/database.php index b567f6c6d..f214af58b 100644 --- a/web/includes/database.php +++ b/web/includes/database.php @@ -172,10 +172,11 @@ function dbFetchOne( $sql, $col=false, $params=NULL ) { return false; } - if ( $result && $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) { + if ( $result && ($dbRow = $result->fetch(PDO::FETCH_ASSOC)) ) { if ( $col ) { if ( ! array_key_exists($col, $dbRow) ) { ZM\Warning("$col does not exist in the returned row " . print_r($dbRow, true)); + return false; } return $dbRow[$col]; } From fad919adeceff7252d0d6b1bf5892c617e9ee7a6 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 14:59:33 -0400 Subject: [PATCH 121/360] Fix incorrect fix for dealing with bulk frames. prev and next fid should just be +/- 1, so that we show the actual capture frame as opposed to the non-existent db frame record. Fix is by specifying the EventId as well --- web/skins/classic/views/frame.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/skins/classic/views/frame.php b/web/skins/classic/views/frame.php index 9abe1d338..af412794b 100644 --- a/web/skins/classic/views/frame.php +++ b/web/skins/classic/views/frame.php @@ -35,7 +35,7 @@ $Monitor = $Event->Monitor(); if ( !empty($fid) ) { $sql = 'SELECT * FROM Frames WHERE EventId = ? AND FrameId = ?'; if ( !($frame = dbFetchOne( $sql, NULL, array($eid, $fid) )) ) - $frame = array( 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 ); + $frame = array( 'EventId'=>$eid, 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 ); } else { $frame = dbFetchOne('SELECT * FROM Frames WHERE EventId = ? AND Score = ?', NULL, array($eid, $Event->MaxScore())); } @@ -44,8 +44,8 @@ $Frame = new ZM\Frame($frame); $maxFid = $Event->Frames(); $firstFid = 1; -$prevFid = dbFetchOne('SELECT MAX(FrameId) AS FrameId FROM Frames WHERE EventId = ? AND FrameId < ?', 'FrameId', array($eid, $fid) ); -$nextFid = dbFetchOne('SELECT MIN(FrameId) AS FrameId FROM Frames WHERE EventId = ? AND FrameId > ?', 'FrameId', array($eid, $fid) ); +$prevFid = $fid-1; +$nextFid = $fid+1; $lastFid = $maxFid; $alarmFrame = $Frame->Type() == 'Alarm'; From 3c5d20a2e1dbc1c176c64b27e483ccec91989ee7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 24 May 2019 15:06:37 -0400 Subject: [PATCH 122/360] when an event view is scaled, adjust the frame popup window size accordingly --- web/skins/classic/views/frames.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 3e146c958..78239b1b1 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -24,7 +24,17 @@ if ( !canView('Events') ) { } require_once('includes/Frame.php'); $Event = new ZM\Event($_REQUEST['eid']); +$Monitor = $Event->Monitor(); +if ( isset( $_REQUEST['scale'] ) ) { + $scale = validNum($_REQUEST['scale']); +} else if ( isset( $_COOKIE['zmWatchScale'.$Monitor->Id()] ) ) { + $scale = validNum($_COOKIE['zmWatchScale'.$Monitor->Id()]); +} else if ( isset( $_COOKIE['zmWatchScale'] ) ) { + $scale = validNum($_COOKIE['zmWatchScale']); +} else { + $scale = max( reScale( SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE ); +} $sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; $frames = dbFetchAll( $sql, NULL, array( $_REQUEST['eid'] ) ); @@ -62,12 +72,20 @@ xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id() ); - Id().'&fid='.$frame['FrameId'], 'zmImage', array( 'frame', $Event->Width(), $Event->Height() ), $frame['FrameId'] ) ?> + Id().'&fid='.$frame['FrameId'], 'zmImage', + array( + 'frame', + ($scale ? $Event->Width()*$scale/100 : $Event->Width()), + ($scale ? $Event->Height()*$scale/100 : $Event->Height()) + ), + $frame['FrameId']) + ?> From ac8197f2e5c9946195ab1110cc0a02696d977d49 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 11:25:49 -0400 Subject: [PATCH 123/360] fix eslint errors in monitor.js --- web/skins/classic/views/js/monitor.js | 29 +++++++++++++-------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/web/skins/classic/views/js/monitor.js b/web/skins/classic/views/js/monitor.js index 7456c8c1b..bf5e4d900 100644 --- a/web/skins/classic/views/js/monitor.js +++ b/web/skins/classic/views/js/monitor.js @@ -76,27 +76,26 @@ function initPage() { document.querySelectorAll('input[name="newMonitor[MaxFPS]"]').forEach(function(el) { el.oninput = el.onclick = function(e) { - if ( e.target.value ) { - console.log('showing'); - $j('#newMonitor\\[MaxFPS\\]').show(); - } else { - $j('#newMonitor\\[MaxFPS\\]').hide(); - } - }; + if ( e.target.value ) { + console.log('showing'); + $j('#newMonitor\\[MaxFPS\\]').show(); + } else { + $j('#newMonitor\\[MaxFPS\\]').hide(); + } + }; }); document.querySelectorAll('input[name="newMonitor[AlarmMaxFPS]"]').forEach(function(el) { el.oninput = el.onclick = function(e) { - if ( e.target.value ) { - console.log('showing'); - $j('#newMonitor\\[AlarmMaxFPS\\]').show(); - } else { - $j('#newMonitor\\[AlarmMaxFPS\\]').hide(); - } - }; + if ( e.target.value ) { + console.log('showing'); + $j('#newMonitor\\[AlarmMaxFPS\\]').show(); + } else { + $j('#newMonitor\\[AlarmMaxFPS\\]').hide(); + } + }; }); $j('.chosen').chosen(); - } // end function initPage() window.addEventListener('DOMContentLoaded', initPage); From c4d76f03c92a7a7d034004d30ead741936f2a9a4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 12:09:32 -0400 Subject: [PATCH 124/360] Introduce ZM_PATH_SHUTDOWN to cmake config --- CMakeLists.txt | 2 ++ distros/debian/rules | 7 ++++--- distros/ubuntu1204/rules | 1 + distros/ubuntu1604/rules | 1 + misc/CMakeLists.txt | 1 + web/includes/actions/shutdown.php | 6 +++--- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0973f8726..85e17fccc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -166,6 +166,8 @@ set(ZM_DIR_SOUNDS "sounds" CACHE PATH "Location to look for optional sound files, default: sounds") set(ZM_PATH_ZMS "/cgi-bin/nph-zms" CACHE PATH "Web url to zms streaming server, default: /cgi-bin/nph-zms") +set(ZM_PATH_SHUTDOWN "/sbin/shutdown" CACHE PATH + "Path to shutdown binary, default: /sbin/shutdown") # Advanced set(ZM_PATH_MAP "/dev/shm" CACHE PATH diff --git a/distros/debian/rules b/distros/debian/rules index 6185838e0..bf11ee2de 100755 --- a/distros/debian/rules +++ b/distros/debian/rules @@ -21,10 +21,11 @@ override_dh_auto_configure: -DZM_CGIDIR=/usr/lib/zoneminder/cgi-bin \ -DZM_WEB_USER=www-data \ -DZM_WEB_GROUP=www-data \ - -DZM_CONFIG_SUBDIR="/etc/zm/conf.d" \ + -DZM_CONFIG_SUBDIR="/etc/zm/conf.d" \ -DZM_CONFIG_DIR="/etc/zm" \ - -DZM_DIR_EVENTS="/var/cache/zoneminder/events" \ - -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" + -DZM_DIR_EVENTS="/var/cache/zoneminder/events" \ + -DZM_PATH_SHUTDOWN="/sbin/shutdown" \ + -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" override_dh_auto_install: dh_auto_install --buildsystem=cmake diff --git a/distros/ubuntu1204/rules b/distros/ubuntu1204/rules index 20dd303f8..657697fcf 100755 --- a/distros/ubuntu1204/rules +++ b/distros/ubuntu1204/rules @@ -27,6 +27,7 @@ override_dh_auto_configure: -DZM_CGIDIR="/usr/lib/zoneminder/cgi-bin" \ -DZM_CACHEDIR="/var/cache/zoneminder/cache" \ -DZM_DIR_EVENTS="/var/cache/zoneminder/events" \ + -DZM_PATH_SHUTDOWN="/sbin/shutdown" \ -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" override_dh_clean: diff --git a/distros/ubuntu1604/rules b/distros/ubuntu1604/rules index 98b9ac0a2..c671a1b03 100755 --- a/distros/ubuntu1604/rules +++ b/distros/ubuntu1604/rules @@ -27,6 +27,7 @@ override_dh_auto_configure: -DZM_CGIDIR="/usr/lib/zoneminder/cgi-bin" \ -DZM_CACHEDIR="/var/cache/zoneminder/cache" \ -DZM_DIR_EVENTS="/var/cache/zoneminder/events" \ + -DZM_PATH_SHUTDOWN="/sbin/shutdown" \ -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" override_dh_clean: diff --git a/misc/CMakeLists.txt b/misc/CMakeLists.txt index 990b8ce06..f794241a8 100644 --- a/misc/CMakeLists.txt +++ b/misc/CMakeLists.txt @@ -10,6 +10,7 @@ configure_file(com.zoneminder.systemctl.rules.in "${CMAKE_CURRENT_BINARY_DIR}/co configure_file(zoneminder.service.in "${CMAKE_CURRENT_BINARY_DIR}/zoneminder.service" @ONLY) configure_file(zoneminder-tmpfiles.conf.in "${CMAKE_CURRENT_BINARY_DIR}/zoneminder-tmpfiles.conf" @ONLY) configure_file(zoneminder.desktop.in "${CMAKE_CURRENT_BINARY_DIR}/zoneminder.desktop" @ONLY) +configure_file(zm-sudo.in "${CMAKE_CURRENT_BINARY_DIR}/zm-sudo" @ONLY) # Do not install the misc files by default #install(FILES "${CMAKE_CURRENT_BINARY_DIR}/apache.conf" "${CMAKE_CURRENT_BINARY_DIR}/logrotate.conf" "${CMAKE_CURRENT_BINARY_DIR}/syslog.conf" DESTINATION "${CMAKE_INSTALL_DATADIR}/zoneminder/misc") diff --git a/web/includes/actions/shutdown.php b/web/includes/actions/shutdown.php index f6d31b4f4..4d7a4ee78 100644 --- a/web/includes/actions/shutdown.php +++ b/web/includes/actions/shutdown.php @@ -27,18 +27,18 @@ if ( $action ) { if ( $action == 'shutdown' ) { $output = array(); $rc = 0; - exec("sudo -n /sbin/shutdown -P $when 2>&1", $output, $rc); + exec('sudo -n '.ZM_PATH_SHUTDOWN." -P $when 2>&1", $output, $rc); #exec('sudo -n /bin/systemctl poweroff -i 2>&1', $output, $rc); ZM\Logger::Debug("Shutdown output $rc " . implode("\n",$output)); #ZM\Logger::Debug("Shutdown output " . shell_exec('/bin/systemctl poweroff -i 2>&1')); } else if ( $action == 'restart' ) { $output = array(); - exec("sudo -n /sbin/shutdown -r $when 2>&1", $output); + exec('sudo -n '.ZM_PATH_SHUTDOWN." -r $when 2>&1", $output); #exec('sudo -n /bin/systemctl reboot -i 2>&1', $output); ZM\Logger::Debug("Shutdown output " . implode("\n",$output)); } else if ( $action == 'cancel' ) { $output = array(); - exec('sudo /sbin/shutdown -c 2>&1', $output); + exec('sudo '.ZM_PATH_SHUTDOWN.' -c 2>&1', $output); } } # end if action ?> From 8b4fddadfbe556e71403ac1f5e0f6f19036265a5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 12:29:29 -0400 Subject: [PATCH 125/360] out_frame->pts is calculated in resample_audio --- src/zm_videostore.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 85f5282b9..ea2b314dc 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -945,7 +945,6 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { } else { Debug(3, "opkt.dts = undef"); opkt.dts = video_out_stream->cur_dts; - //opkt.dts = 0; } # if 0 @@ -1012,7 +1011,6 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { return 0; } - out_frame->pts = in_frame->pts; zm_dump_frame(out_frame, "Out frame after resample"); // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { From 663f941963776a3f817f9842edcbf6873521fcf9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 12:31:18 -0400 Subject: [PATCH 126/360] If we can't find a packet before ours in the queue, then stick it at the front of the queue, not the end. --- src/zm_packetqueue.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index c1fcc3db9..1188da8ff 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -96,7 +96,8 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { } Debug(1,"Unable to insert packet for stream %d with dts %" PRId64 " into queue.", zm_packet->packet.stream_index, zm_packet->packet.dts); - pktQueue.push_back(zm_packet); + // Must be before any packets in the queue. Stick it at the beginning + pktQueue.push(zm_packet); packet_counts[zm_packet->packet.stream_index] += 1; return true; } // end bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) From 94f2c7656246445266991ce6614e0bdec2ddbf0c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 12:31:53 -0400 Subject: [PATCH 127/360] fix trailing whitespace --- distros/debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/debian/rules b/distros/debian/rules index bf11ee2de..13e36d461 100755 --- a/distros/debian/rules +++ b/distros/debian/rules @@ -25,7 +25,7 @@ override_dh_auto_configure: -DZM_CONFIG_DIR="/etc/zm" \ -DZM_DIR_EVENTS="/var/cache/zoneminder/events" \ -DZM_PATH_SHUTDOWN="/sbin/shutdown" \ - -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" + -DZM_PATH_ZMS="/zm/cgi-bin/nph-zms" override_dh_auto_install: dh_auto_install --buildsystem=cmake From c44967f770e04f5e7efab68c09ab488bf3433e82 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 12:47:38 -0400 Subject: [PATCH 128/360] fix push to push_front --- src/zm_packetqueue.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 1188da8ff..81fbb09c4 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -97,7 +97,7 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { Debug(1,"Unable to insert packet for stream %d with dts %" PRId64 " into queue.", zm_packet->packet.stream_index, zm_packet->packet.dts); // Must be before any packets in the queue. Stick it at the beginning - pktQueue.push(zm_packet); + pktQueue.push_front(zm_packet); packet_counts[zm_packet->packet.stream_index] += 1; return true; } // end bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) From 3acbf1551d8199da87a73f54953fdc1ff3e35661 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 13:26:29 -0400 Subject: [PATCH 129/360] add zm-sudo.in --- misc/zm-sudo.in | 1 + 1 file changed, 1 insertion(+) create mode 100644 misc/zm-sudo.in diff --git a/misc/zm-sudo.in b/misc/zm-sudo.in new file mode 100644 index 000000000..c55a7b135 --- /dev/null +++ b/misc/zm-sudo.in @@ -0,0 +1 @@ +@WEB_USER@ ALL=NOPASSWD: @SBINDDIR@/shutdown From 049b70a624092743f0890ad4116e75ad445a6eb9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 17:15:46 -0400 Subject: [PATCH 130/360] junk bad code in zm_eventstream that tried to figure out how long to sleep by considering the wall clock time since play start. No good as soon as we seek. --- src/zm_eventstream.cpp | 50 +++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 30 deletions(-) diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index a2dd02ac0..5439b42e8 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -81,12 +81,15 @@ bool EventStream::loadInitialEventData( int monitor_id, time_t event_time ) { Debug(3, "Set curr_stream_time:%.2f, curr_frame_id:%d", curr_stream_time, curr_frame_id); break; } - } + } // end foreach frame Debug(3, "Skipping %ld frames", event_data->frame_count); + } else { + Warning("Requested an event time less than the start of the event. event_time %.2f < start_time %.2f", + event_time, event_data->start_time); } - } + } // end if have a start time return true; -} +} // bool EventStream::loadInitialEventData( int monitor_id, time_t event_time ) bool EventStream::loadInitialEventData( uint64_t init_event_id, unsigned int init_frame_id ) { loadEventData(init_event_id); @@ -237,13 +240,13 @@ bool EventStream::loadEventData(uint64_t event_id) { event_data->frames[i-1].timestamp = last_timestamp + ((i-last_id)*frame_delta); event_data->frames[i-1].offset = event_data->frames[i-1].timestamp - event_data->start_time; event_data->frames[i-1].in_db = false; - Debug(3,"Frame %d timestamp:(%f), offset(%f) delta(%f), in_db(%d)", - i, - event_data->frames[i-1].timestamp, - event_data->frames[i-1].offset, - event_data->frames[i-1].delta, - event_data->frames[i-1].in_db - ); + Debug(3,"Frame %d timestamp:(%f), offset(%f) delta(%f), in_db(%d)", + i, + event_data->frames[i-1].timestamp, + event_data->frames[i-1].offset, + event_data->frames[i-1].delta, + event_data->frames[i-1].in_db + ); } } event_data->frames[id-1].timestamp = event_data->start_time + delta; @@ -277,7 +280,7 @@ bool EventStream::loadEventData(uint64_t event_id) { snprintf(filepath, sizeof(filepath), "%s/%s", event_data->path, event_data->video_file); Debug(1, "Loading video file from %s", filepath); ffmpeg_input = new FFmpeg_Input(); - if ( 0 > ffmpeg_input->Open( filepath ) ) { + if ( 0 > ffmpeg_input->Open(filepath) ) { Warning("Unable to open ffmpeg_input %s/%s", event_data->path, event_data->video_file); delete ffmpeg_input; ffmpeg_input = NULL; @@ -290,7 +293,8 @@ bool EventStream::loadEventData(uint64_t event_id) { else curr_stream_time = event_data->frames[event_data->frame_count-1].timestamp; } - Debug(2, "Event:%" PRIu64 ", Frames:%ld, Duration: %.2f", event_data->event_id, event_data->frame_count, event_data->duration); + Debug(2, "Event:%" PRIu64 ", Frames:%ld, Duration: %.2f", + event_data->event_id, event_data->frame_count, event_data->duration); return true; } // bool EventStream::loadEventData( int event_id ) @@ -470,6 +474,7 @@ void EventStream::processCommand(const CmdMsg *msg) { break; case CMD_SEEK : { + // offset is in seconds int offset = ((unsigned char)msg->msg_data[1]<<24)|((unsigned char)msg->msg_data[2]<<16)|((unsigned char)msg->msg_data[3]<<8)|(unsigned char)msg->msg_data[4]; curr_frame_id = (int)(event_data->frame_count*offset/event_data->duration); Debug(1, "Got SEEK command, to %d (new cfid: %d)", offset, curr_frame_id); @@ -590,14 +595,13 @@ void EventStream::checkEventLoaded() { Image * EventStream::getImage( ) { static char filepath[PATH_MAX]; - Debug(2, "EventStream::getImage path(%s) frame(%d)", event_data->path, curr_frame_id); snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id); - Debug(2, "EventStream::getImage path(%s) ", filepath, curr_frame_id); + Debug(2, "EventStream::getImage path(%s) from %s frame(%d) ", filepath, event_data->path, curr_frame_id); Image *image = new Image(filepath); return image; } -bool EventStream::sendFrame( int delta_us ) { +bool EventStream::sendFrame(int delta_us) { Debug(2, "Sending frame %d", curr_frame_id); static char filepath[PATH_MAX]; @@ -626,7 +630,6 @@ bool EventStream::sendFrame( int delta_us ) { #if HAVE_LIBAVCODEC if ( type == STREAM_MPEG ) { -Debug(2,"Streaming MPEG"); Image image(filepath); Image *send_image = prepareImage(&image); @@ -788,7 +791,6 @@ void EventStream::runStream() { updateFrameRate((double)event_data->frame_count/event_data->duration); gettimeofday(&start, NULL); uint64_t start_usec = start.tv_sec * 1000000 + start.tv_usec; - uint64_t last_frame_offset = 0; while ( !zm_terminate ) { gettimeofday(&now, NULL); @@ -923,21 +925,9 @@ Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); // you can calculate the relationship between now and the start // or calc the relationship from the last frame. I think from the start is better as it self-corrects - if ( last_frame_offset ) { - // We assume that we are going forward and the next frame is in the future. - delta_us = frame_data->offset * 1000000 - (now_usec-start_usec); - // - (now_usec - start_usec); - Debug(2, "New delta_us now %" PRIu64 " - start %" PRIu64 " = %d offset %" PRId64 " - elapsed = %dusec", - now_usec, start_usec, now_usec-start_usec, frame_data->offset * 1000000, delta_us); - } else { - Debug(2, "No last frame_offset, no sleep"); - delta_us = 0; - } - last_frame_offset = frame_data->offset * 1000000; - if ( send_frame && type != STREAM_MPEG ) { if ( delta_us > 0 ) { - Debug( 3, "dUs: %d", delta_us ); + Debug(3, "dUs: %d", delta_us); usleep(delta_us); Debug(3, "Done sleeping: %d usec", delta_us); } From 7b06f585591e332d65c4947066205a2eb8e09136 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 27 May 2019 17:16:23 -0400 Subject: [PATCH 131/360] Limit Connection error logs to every 10 minutes instead of every 10 seconds. Connection attempts still happen at 10 second intervals --- src/zmc.cpp | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/zmc.cpp b/src/zmc.cpp index 3620a67ca..bebc0bc7d 100644 --- a/src/zmc.cpp +++ b/src/zmc.cpp @@ -234,6 +234,8 @@ int main(int argc, char *argv[]) { int result = 0; + int prime_capture_log_count = 0; + while ( !zm_terminate ) { result = 0; static char sql[ZM_SQL_SML_BUFSIZ]; @@ -247,21 +249,19 @@ int main(int argc, char *argv[]) { if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); } - } + } // end foreach monitor + // Outer primary loop, handles connection to camera if ( monitors[0]->PrimeCapture() < 0 ) { - Error("Failed to prime capture of initial monitor"); + if ( prime_capture_log_count % 60 ) { + Error("Failed to prime capture of initial monitor"); + } else { + Debug(1, "Failed to prime capture of initial monitor"); + } + prime_capture_log_count ++; sleep(10); continue; } - for ( int i = 0; i < n_monitors; i++ ) { - snprintf(sql, sizeof(sql), - "REPLACE INTO Monitor_Status (MonitorId, Status) VALUES ('%d','Connected')", - monitors[i]->Id()); - if ( mysql_query(&dbconn, sql) ) { - Error("Can't run query: %s", mysql_error(&dbconn)); - } - } int *capture_delays = new int[n_monitors]; int *alarm_capture_delays = new int[n_monitors]; @@ -271,7 +271,13 @@ int main(int argc, char *argv[]) { last_capture_times[i].tv_sec = last_capture_times[i].tv_usec = 0; capture_delays[i] = monitors[i]->GetCaptureDelay(); alarm_capture_delays[i] = monitors[i]->GetAlarmCaptureDelay(); - } + snprintf(sql, sizeof(sql), + "REPLACE INTO Monitor_Status (MonitorId, Status) VALUES ('%d','Connected')", + monitors[i]->Id()); + if ( mysql_query(&dbconn, sql) ) { + Error("Can't run query: %s", mysql_error(&dbconn)); + } + } // end foreach monitor struct timeval now; struct DeltaTimeval delta_time; From a244af49ad82cf9cf962d006742b2842d9373c23 Mon Sep 17 00:00:00 2001 From: Kirill Zhuykov Date: Tue, 28 May 2019 17:57:01 +0300 Subject: [PATCH 132/360] fix #2622 (#2623) --- db/zm_create.sql.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index 557745ab9..510a65082 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -742,7 +742,7 @@ insert into Storage VALUES (NULL, '@ZM_DIR_EVENTS@', 'Default', 'local', NULL, N -- -- Create a default admin user. -- -insert into Users VALUES (NULL,'admin',password('admin'),'',1,'View','Edit','Edit','Edit','Edit','Edit','Edit','',''); +insert into Users VALUES (NULL,'admin',password('admin'),'',1,'View','Edit','Edit','Edit','Edit','Edit','Edit','','',0,1); -- -- Add a sample filter to purge the oldest 100 events when the disk is 95% full From df19e98f2865669b4fd7a416172d39c57060857c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 28 May 2019 10:59:58 -0400 Subject: [PATCH 133/360] Add auto dput when interactive==no --- utils/do_debian_package.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index b8688d57c..0b9e18ee7 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -326,6 +326,8 @@ EOF if [[ "$REPLY" == [yY] ]]; then dput $PPA $SC fi; + else + dput $PPA $SC fi; fi; done; # foreach distro From bc0565858b18405a5815c775b860c99178d0faec Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Tue, 28 May 2019 13:44:06 -0400 Subject: [PATCH 134/360] check for API disabled only when auth is on (#2624) --- web/api/app/Controller/AppController.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php index eeda4b105..6b71ffb84 100644 --- a/web/api/app/Controller/AppController.php +++ b/web/api/app/Controller/AppController.php @@ -120,11 +120,11 @@ class AppController extends Controller { return; } } # end if ! login or logout + if ($user['APIEnabled'] == 0 ) { + throw new UnauthorizedException(__('API Disabled')); + return; + } } # end if ZM_OPT_AUTH // make sure populated user object has APIs enabled - if ($user['APIEnabled'] == 0 ) { - throw new UnauthorizedException(__('API Disabled')); - return; - } } # end function beforeFilter() } From 07d4310466e192eb452474899d92710a218f044b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 29 May 2019 08:40:48 -0400 Subject: [PATCH 135/360] Can't cache-bust jquery-ui-theme.css as it loads sprites by relative path --- web/skins/classic/includes/functions.php | 32 +++++++++++++----------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index d0ce75abb..7cc8283ac 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -19,34 +19,35 @@ // -function xhtmlHeaders( $file, $title ) { +function xhtmlHeaders($file, $title) { global $css; global $skin; global $view; # This idea is that we always include the classic css files, # and then any different skin only needs to contain things that are different. - $baseCssPhpFile = getSkinFile( 'css/base/skin.css.php' ); + $baseCssPhpFile = getSkinFile('css/base/skin.css.php'); - $skinCssPhpFile = getSkinFile( 'css/'.$css.'/skin.css.php' ); + $skinCssPhpFile = getSkinFile('css/'.$css.'/skin.css.php'); - $skinJsFile = getSkinFile( 'js/skin.js' ); - $skinJsPhpFile = getSkinFile( 'js/skin.js.php' ); - $cssJsFile = getSkinFile( 'js/'.$css.'.js' ); + $skinJsFile = getSkinFile('js/skin.js'); + $skinJsPhpFile = getSkinFile('js/skin.js.php'); + $cssJsFile = getSkinFile('js/'.$css.'.js'); - $basename = basename( $file, '.php' ); + $basename = basename($file, '.php'); - $viewCssPhpFile = getSkinFile( '/css/'.$css.'/views/'.$basename.'.css.php' ); - $viewJsFile = getSkinFile( 'views/js/'.$basename.'.js' ); - $viewJsPhpFile = getSkinFile( 'views/js/'.$basename.'.js.php' ); + $viewCssPhpFile = getSkinFile('/css/'.$css.'/views/'.$basename.'.css.php'); + $viewJsFile = getSkinFile('views/js/'.$basename.'.js'); + $viewJsPhpFile = getSkinFile('views/js/'.$basename.'.js.php'); - extract( $GLOBALS, EXTR_OVERWRITE ); - function output_link_if_exists( $files ) { + extract($GLOBALS, EXTR_OVERWRITE); + + function output_link_if_exists($files) { global $skin; $html = array(); foreach ( $files as $file ) { - if ( getSkinFile( $file ) ) { - $html[] = ''; + if ( getSkinFile($file) ) { + $html[] = ''; } } return implode("\n", $html); @@ -83,11 +84,12 @@ echo output_link_if_exists( array( 'css/'.$css.'/views/'.$basename.'.css', 'js/dateTimePicker/jquery-ui-timepicker-addon.css', 'js/jquery-ui-1.12.1/jquery-ui.structure.min.css', - 'js/jquery-ui-1.12.1/jquery-ui.theme.min.css', + #'js/jquery-ui-1.12.1/jquery-ui.theme.min.css', 'css/'.$css.'/jquery-ui-theme.css', ) ); ?> + Date: Wed, 29 May 2019 09:23:56 -0400 Subject: [PATCH 136/360] Fix +/- buttons on new line in filter not having onclick events bound --- web/skins/classic/views/js/filter.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js index 8b6968668..49a882ee6 100644 --- a/web/skins/classic/views/js/filter.js +++ b/web/skins/classic/views/js/filter.js @@ -261,6 +261,11 @@ function addTerm( element ) { this[0].selected = 'selected'; }).chosen({width: '101%'}); newRow.find('input[type="text"]').val(''); + newRow[0].querySelectorAll("button[data-on-click-this]").forEach(function attachOnClick(el) { + var fnName = el.getAttribute("data-on-click-this"); + el.onclick = window[fnName].bind(el, el); + }); + var rows = $j(row).parent().children(); parseRows(rows); } From ee0c21d58768a0d5bfff5171637ddafec4ac8eaa Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 29 May 2019 10:28:25 -0400 Subject: [PATCH 137/360] Add API Enabled to User edit --- web/skins/classic/views/options.php | 2 ++ web/skins/classic/views/user.php | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index ba63d01b7..ea400339a 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -156,6 +156,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI + @@ -191,6 +192,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI + disabled="disabled"/> + + + + + + From 8e0f828aa1b1257b81bcdde9165ec4a061d57565 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 29 May 2019 10:28:42 -0400 Subject: [PATCH 138/360] Add APIEnabled to translations --- web/lang/en_gb.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index e84f0c0b4..9912df4f8 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -102,10 +102,11 @@ $SLANG = array( 'AlarmRGBUnset' => 'You must set an alarm RGB colour', 'Alert' => 'Alert', 'All' => 'All', - 'AllTokensRevoked' => 'All Tokens Revoked', + 'AllTokensRevoked' => 'All Tokens Revoked', 'AnalysisFPS' => 'Analysis FPS', 'AnalysisUpdateDelay' => 'Analysis Update Delay', - 'API' => 'API', + 'API' => 'API', + 'APIEnabled' => 'API Enabled', 'Apply' => 'Apply', 'ApplyingStateChange' => 'Applying State Change', 'ArchArchived' => 'Archived Only', From 628760d5b9ad63ed7abefeab2d1ddd00beb4adee Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 29 May 2019 10:29:03 -0400 Subject: [PATCH 139/360] Spacing and braces cleanup from asker's code --- web/includes/actions/user.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index 2b520cd10..bb4f24fb8 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -32,16 +32,15 @@ if ( $action == 'user' ) { $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; } else { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; - ZM\Info ('Cannot use bcrypt as you are using PHP < 5.5'); + ZM\Info('Cannot use bcrypt as you are using PHP < 5.5'); } if ( $_REQUEST['newUser']['Password'] ) { $changes['Password'] = 'Password = '.$pass_hash; - ZM\Info ("PASS CMD=".$changes['Password']); - } - - else + ZM\Info('PASS CMD='.$changes['Password']); + } else { unset($changes['Password']); + } if ( count($changes) ) { if ( !empty($_REQUEST['uid']) ) { @@ -69,10 +68,9 @@ if ( $action == 'user' ) { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3'); } - if ( !empty($_REQUEST['newUser']['Password']) ) { - ZM\Info ("PASS CMD=".$changes['Password']); + ZM\Info('PASS CMD='.$changes['Password']); $changes['Password'] = 'Password = '.$pass_hash; } From ba96f0709c063053890a214a4000e06639e9efe4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 30 May 2019 09:58:54 -0400 Subject: [PATCH 140/360] fix saving user using password_hash --- web/includes/actions/user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index bb4f24fb8..988b40be1 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -28,8 +28,8 @@ if ( $action == 'user' ) { $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); - if (function_exists ('password_hash')) { - $pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; + if ( function_exists('password_hash') ) { + $pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"'; } else { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; ZM\Info('Cannot use bcrypt as you are using PHP < 5.5'); From 75ec4818a6a535ca352c0ff31e8a58ce9413d316 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 10:15:02 -0400 Subject: [PATCH 141/360] WHen saving a monitor, only start zmc and zma if appropriate --- web/includes/actions/monitor.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/web/includes/actions/monitor.php b/web/includes/actions/monitor.php index f97441fd9..6e0dc5405 100644 --- a/web/includes/actions/monitor.php +++ b/web/includes/actions/monitor.php @@ -202,16 +202,16 @@ ZM\Logger::Debug("newMonitor:". print_r($_REQUEST['newMonitor'],true)); if ( $restart ) { $new_monitor = new ZM\Monitor($mid); - //fixDevices(); - if ( $new_monitor->Type() != 'WebSite' ) { + if ( $new_monitor->Function() != 'None' and $new_monitor->Type() != 'WebSite' ) { $new_monitor->zmcControl('start'); - $new_monitor->zmaControl('start'); - } + if ( ($new_monitor->Function() == 'Modect' or $new_monitor->Function == 'Moocord') and $new_monitor->Enabled() ) + $new_monitor->zmaControl('start'); - if ( $new_monitor->Controllable() ) { - require_once('includes/control_functions.php'); - sendControlCommand($mid, 'quit'); + if ( $new_monitor->Controllable() ) { + require_once('includes/control_functions.php'); + sendControlCommand($mid, 'quit'); + } } // really should thump zmwatch and maybe zmtrigger too. //daemonControl( 'restart', 'zmwatch.pl' ); From b0869a0b130c1274baddff451d480ed0fc95d190 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 10:34:53 -0400 Subject: [PATCH 142/360] spaces and quotes --- web/includes/functions.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 141dbfea6..29293afde 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -834,11 +834,11 @@ function daemonControl( $command, $daemon=false, $args=false ) { $string = escapeshellcmd( $string ); #$string .= ' 2>/dev/null >&- <&- >/dev/null'; ZM\Logger::Debug("daemonControl $string"); - exec( $string ); + exec($string); } function zmcControl($monitor, $mode=false) { - $Monitor = new ZM\Monitor( $monitor ); + $Monitor = new ZM\Monitor($monitor); return $Monitor->zmcControl($mode); } @@ -852,8 +852,8 @@ function initDaemonStatus() { if ( !isset($daemon_status) ) { if ( daemonCheck() ) { - $string = ZM_PATH_BIN."/zmdc.pl status"; - $daemon_status = shell_exec( $string ); + $string = ZM_PATH_BIN.'/zmdc.pl status'; + $daemon_status = shell_exec($string); } else { $daemon_status = ''; } From 274737d1b1d4388835cdab901e59ec651018140f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 10:35:18 -0400 Subject: [PATCH 143/360] Fix moocord to mocord. --- web/includes/actions/monitor.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/web/includes/actions/monitor.php b/web/includes/actions/monitor.php index 6e0dc5405..cfa5c8c62 100644 --- a/web/includes/actions/monitor.php +++ b/web/includes/actions/monitor.php @@ -20,7 +20,7 @@ // Monitor edit actions, monitor id derived, require edit permissions for that monitor if ( ! canEdit('Monitors') ) { - ZM\Warning("Monitor actions require Monitors Permissions"); + ZM\Warning('Monitor actions require Monitors Permissions'); return; } @@ -59,8 +59,8 @@ if ( $action == 'monitor' ) { if ( $_REQUEST['newMonitor']['ServerId'] == 'auto' ) { $_REQUEST['newMonitor']['ServerId'] = dbFetchOne( 'SELECT Id FROM Servers WHERE Status=\'Running\' ORDER BY FreeMem DESC, CpuLoad ASC LIMIT 1', 'Id'); - ZM\Logger::Debug('Auto selecting server: Got ' . $_REQUEST['newMonitor']['ServerId'] ); - if ( ( ! $_REQUEST['newMonitor'] ) and defined('ZM_SERVER_ID') ) { + ZM\Logger::Debug('Auto selecting server: Got ' . $_REQUEST['newMonitor']['ServerId']); + if ( ( !$_REQUEST['newMonitor'] ) and defined('ZM_SERVER_ID') ) { $_REQUEST['newMonitor']['ServerId'] = ZM_SERVER_ID; ZM\Logger::Debug('Auto selecting server to ' . ZM_SERVER_ID); } @@ -77,8 +77,8 @@ ZM\Logger::Debug("newMonitor:". print_r($_REQUEST['newMonitor'],true)); # If we change anything that changes the shared mem size, zma can complain. So let's stop first. if ( $monitor['Type'] != 'WebSite' ) { - zmaControl($monitor, 'stop'); - zmcControl($monitor, 'stop'); + $Monitor->zmaControl('stop'); + $Monitor->zmcControl('stop'); } dbQuery('UPDATE Monitors SET '.implode(', ', $changes).' WHERE Id=?', array($mid)); // Groups will be added below @@ -205,7 +205,7 @@ ZM\Logger::Debug("newMonitor:". print_r($_REQUEST['newMonitor'],true)); if ( $new_monitor->Function() != 'None' and $new_monitor->Type() != 'WebSite' ) { $new_monitor->zmcControl('start'); - if ( ($new_monitor->Function() == 'Modect' or $new_monitor->Function == 'Moocord') and $new_monitor->Enabled() ) + if ( ($new_monitor->Function() == 'Modect' or $new_monitor->Function == 'Mocord') and $new_monitor->Enabled() ) $new_monitor->zmaControl('start'); if ( $new_monitor->Controllable() ) { From eaa1939f6b95389ae378ea21a109e1390b4f1bba Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 10:35:54 -0400 Subject: [PATCH 144/360] comment out debug lines --- web/includes/actions/monitor.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/includes/actions/monitor.php b/web/includes/actions/monitor.php index cfa5c8c62..9803bad59 100644 --- a/web/includes/actions/monitor.php +++ b/web/includes/actions/monitor.php @@ -68,9 +68,9 @@ if ( $action == 'monitor' ) { $columns = getTableColumns('Monitors'); $changes = getFormChanges($monitor, $_REQUEST['newMonitor'], $types, $columns); -ZM\Logger::Debug("Columns:". print_r($columns,true)); -ZM\Logger::Debug("Changes:". print_r($changes,true)); -ZM\Logger::Debug("newMonitor:". print_r($_REQUEST['newMonitor'],true)); +#ZM\Logger::Debug("Columns:". print_r($columns,true)); +#ZM\Logger::Debug("Changes:". print_r($changes,true)); +#ZM\Logger::Debug("newMonitor:". print_r($_REQUEST['newMonitor'],true)); if ( count($changes) ) { if ( $mid ) { From aefd735abb29b9d8e0400dd8a61da763d8fe5b69 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 11:00:30 -0400 Subject: [PATCH 145/360] quotes --- web/skins/classic/views/storage.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/skins/classic/views/storage.php b/web/skins/classic/views/storage.php index 93dd788b7..8cfd5cb88 100644 --- a/web/skins/classic/views/storage.php +++ b/web/skins/classic/views/storage.php @@ -18,7 +18,7 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // -if ( !canEdit( 'System' ) ) { +if ( !canEdit('System') ) { $view = 'error'; return; } @@ -55,12 +55,12 @@ foreach ( $servers as $S ) { } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Storage')." - ".$newStorage['Name'] ); +xhtmlHeaders(__FILE__, translate('Storage').' - '.$newStorage['Name']); ?>
From 7445f5588f4a2bf10d07651dd1e7b98734223c72 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 31 May 2019 11:01:09 -0400 Subject: [PATCH 146/360] show storage when there are 4 areas. Used to only do it for < 4 --- web/skins/classic/includes/functions.php | 27 +++++++++++++++--------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index 7cc8283ac..2debc045b 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -302,7 +302,7 @@ if ( ZM_OPT_X10 && canView('Devices') ) { ?> // if canview_reports ?>
- -

account_circle

- - + +

+ account_circle + +

+

@@ -349,7 +356,7 @@ if (isset($_REQUEST['filter']['Query']['terms']['attr'])) { } //end reload null. Runs on full page load if ( (!ZM_OPT_USE_AUTH) or $user ) { -if ($reload == 'reload') ob_start(); + if ($reload == 'reload') ob_start(); ?>

@@ -360,7 +367,7 @@ if ($reload == 'reload') ob_start();
  • trending_up :
    • -storage + storage '.$S->Name() . ': ' . $S->disk_usage_percent().'%' . ''; }; #$func = function($S){ return ''.$S->Name() . ': ' . $S->disk_usage_percent().'%' . ''; }; - if ( count($storage_areas) >= 4 ) + if ( count($storage_areas) > 4 ) $storage_areas = ZM\Storage::find( array('ServerId'=>null) ); - if ( count($storage_areas) < 4 ) + if ( count($storage_areas) <= 4 ) echo implode( ', ', array_map ( $func, $storage_areas ) ); echo ' ' . ZM_PATH_MAP .': '. getDiskPercent(ZM_PATH_MAP).'%'; ?> @@ -401,7 +408,7 @@ if ($reload == 'reload') ob_start();
From 1d132b59235286a19635096aca975e386a1c29fa Mon Sep 17 00:00:00 2001 From: Gleb Popov <6yearold@gmail.com> Date: Sun, 2 Jun 2019 00:43:29 +0400 Subject: [PATCH 147/360] When writing MP4 sample, save buffer.size() into a temporary variable before calling buffer.extract(). (#2628) --- src/zm_video.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/zm_video.cpp b/src/zm_video.cpp index 07bedc683..309c507c0 100644 --- a/src/zm_video.cpp +++ b/src/zm_video.cpp @@ -101,7 +101,7 @@ X264MP4Writer::X264MP4Writer( Error("Failed init swscaleobj"); return; } - + swscaleobj.SetDefaults(zm_pf, codec_pf, width, height); /* Calculate the image sizes. We will need this for parameter checking */ @@ -458,11 +458,12 @@ int X264MP4Writer::x264encodeloop(bool bFlush) { /* Write the sample */ if ( !buffer.empty() ) { + unsigned int bufSize = buffer.size(); if ( !MP4WriteSample( mp4h, mp4vtid, - buffer.extract(buffer.size()), - buffer.size(), + buffer.extract(bufSize), + bufSize, duration, offset, prevKeyframe) ) { From 0699b210174d22c28879822ed16dc56cdc8b159f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 3 Jun 2019 09:45:50 -0400 Subject: [PATCH 148/360] Remove libjson-any-perl as a dependency. Fixes #2630 --- distros/debian/control | 4 ++-- distros/ubuntu1204/control | 3 +-- distros/ubuntu1604/control | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/distros/debian/control b/distros/debian/control index 3296b88c3..6bb59f206 100644 --- a/distros/debian/control +++ b/distros/debian/control @@ -21,7 +21,7 @@ Build-Depends: debhelper (>= 9), cmake , libphp-serialization-perl , libdate-manip-perl, libmime-lite-perl, libmime-tools-perl, libdbd-mysql-perl , libwww-perl, libarchive-tar-perl, libarchive-zip-perl, libdevice-serialport-perl - , libmodule-load-perl, libsys-mmap-perl, libjson-any-perl + , libmodule-load-perl, libsys-mmap-perl, libjson-maybexs-perl , libnet-sftp-foreign-perl, libio-pty-perl, libexpect-perl , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl @@ -39,7 +39,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} , libphp-serialization-perl , libdate-manip-perl, libmime-lite-perl, libmime-tools-perl, libdbd-mysql-perl , libwww-perl, libarchive-tar-perl, libarchive-zip-perl, libdevice-serialport-perl - , libmodule-load-perl, libsys-mmap-perl, libjson-any-perl, libjson-maybexs-perl + , libmodule-load-perl, libsys-mmap-perl, libjson-maybexs-perl , libnet-sftp-foreign-perl, libio-pty-perl, libexpect-perl , libdata-dump-perl, libclass-std-fast-perl, libsoap-wsdl-perl, libio-socket-multicast-perl, libdigest-sha-perl , libsys-cpu-perl, libsys-meminfo-perl diff --git a/distros/ubuntu1204/control b/distros/ubuntu1204/control index 9e54e2aa3..cc6158334 100644 --- a/distros/ubuntu1204/control +++ b/distros/ubuntu1204/control @@ -52,7 +52,6 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,libdbd-mysql-perl ,libdevice-serialport-perl ,libimage-info-perl - ,libjson-any-perl ,libjson-maybexs-perl ,libsys-mmap-perl [!hurd-any] ,liburi-encode-perl @@ -98,7 +97,7 @@ Description: video camera security and surveillance solution # ,libdbd-mysql-perl # ,libdevice-serialport-perl # ,libimage-info-perl -# ,libjson-any-perl +# ,libjson-maybexs-perl # ,libsys-mmap-perl [!hurd-any] # ,liburi-encode-perl # ,libwww-perl diff --git a/distros/ubuntu1604/control b/distros/ubuntu1604/control index 7926fc346..68bc1757f 100644 --- a/distros/ubuntu1604/control +++ b/distros/ubuntu1604/control @@ -58,7 +58,6 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} ,libdbd-mysql-perl ,libdevice-serialport-perl ,libimage-info-perl - ,libjson-any-perl ,libjson-maybexs-perl ,libsys-mmap-perl [!hurd-any] ,liburi-encode-perl @@ -109,7 +108,7 @@ Description: video camera security and surveillance solution # ,libdbd-mysql-perl # ,libdevice-serialport-perl # ,libimage-info-perl -# ,libjson-any-perl +# ,libjson-maybexs-perl # ,libsys-mmap-perl [!hurd-any] # ,liburi-encode-perl # ,libwww-perl From 983da41c7a0be18ef833b54f213a71b4d1255b90 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 3 Jun 2019 09:46:28 -0400 Subject: [PATCH 149/360] Reduce log level for filter execution from Info to Debug --- scripts/zmfilter.pl.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 82e2bfdbb..6540413b7 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -271,7 +271,7 @@ sub checkFilter { my $filter = shift; my @Events = $filter->Execute(); - Info( + Debug( join(' ', 'Checking filter', $filter->{Name}, join(', ', From a6f330385907d5258488ed3f0a8c657dba211f2e Mon Sep 17 00:00:00 2001 From: Tom Hodder Date: Tue, 4 Jun 2019 15:05:08 +0100 Subject: [PATCH 150/360] add options help to linked monitors option (#2633) * add options help to linked monitors option * fix typo and clarify instructions for new widget --- web/lang/en_gb.php | 11 +++++++++++ web/skins/classic/views/monitor.php | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 9912df4f8..4001c456e 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -1016,6 +1016,17 @@ $OLANG = array( for new images. In this case, it is safe to use the field. ' ), + 'OPTIONS_LINKED_MONITORS' => array( + 'Help' => ' + This field allows you to select other monitors on your system that act as + triggers for this monitor. So if you have a camera covering one aspect of + your property you can force all cameras to record while that camera + detects motion or other events. Click on ‘Select’ to choose linked monitors. + Be very careful not to create circular dependencies with this feature + because you will have infinitely persisting alarms which is almost + certainly not what you want! To unlink monitors you can ctrl-click. + ' + ), // 'LANG_DEFAULT' => array( // 'Prompt' => "This is a new prompt for this option", diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index c70893778..1430b93bf 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -716,7 +716,7 @@ switch ( $tab ) { if ( $monitor->Type != 'WebSite' ) { ?> - +  () V4LMultiBuffer() == 1 ? 'checked="checked"' : '' ) ?>/> + V4LMultiBuffer() == '1' ? 'checked="checked"' : '' ) ?>/> - V4LMultiBuffer() == 0 ? 'checked="checked"' : '' ) ?>/> + V4LMultiBuffer() == '0' ? 'checked="checked"' : '' ) ?>/> V4LMultiBuffer() ? 'checked="checked"' : '' ) ?>/> From b254e1e39269734bc082c6788ea3c2c7ebcc681e Mon Sep 17 00:00:00 2001 From: "fri.K" Date: Thu, 6 Jun 2019 18:58:33 +0200 Subject: [PATCH 162/360] For column name title field should be taken instead of array name (#2635) --- web/skins/classic/views/console.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/console.php b/web/skins/classic/views/console.php index 5353b3412..c4c99e166 100644 --- a/web/skins/classic/views/console.php +++ b/web/skins/classic/views/console.php @@ -214,7 +214,7 @@ ob_start(); '. $j .''; + echo ''. $eventCounts[$j]['title'] .''; } ?> From dfc60baf85067afb21714473d62f792154420264 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 6 Jun 2019 13:40:00 -0400 Subject: [PATCH 163/360] fix eslint spacing --- web/skins/classic/views/js/log.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web/skins/classic/views/js/log.js b/web/skins/classic/views/js/log.js index 3130bef54..369462a9d 100644 --- a/web/skins/classic/views/js/log.js +++ b/web/skins/classic/views/js/log.js @@ -27,10 +27,10 @@ var options = {}; function escapeHtml(unsafe) { return unsafe - .replace(/&/g, "&") - .replace(//g, ">") - .replace(/"/g, """) + .replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) .replace(/'/g, "'"); } From a16d29740cc704c63713b4b36fd48cfe13b0d50b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 6 Jun 2019 13:49:01 -0400 Subject: [PATCH 164/360] Fix final frame of event having same id as the second last --- src/zm_event.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/zm_event.cpp b/src/zm_event.cpp index 330f421eb..108aed5c6 100644 --- a/src/zm_event.cpp +++ b/src/zm_event.cpp @@ -87,7 +87,7 @@ Event::Event( char sql[ZM_SQL_MED_BUFSIZ]; struct tm *stime = localtime(&start_time.tv_sec); - snprintf( sql, sizeof(sql), "INSERT INTO Events ( MonitorId, StorageId, Name, StartTime, Width, Height, Cause, Notes, StateId, Orientation, Videoed, DefaultVideo, SaveJPEGs, Scheme ) values ( %d, %d, 'New Event', from_unixtime( %ld ), %d, %d, '%s', '%s', %d, %d, %d, '', %d, '%s' )", + snprintf(sql, sizeof(sql), "INSERT INTO Events ( MonitorId, StorageId, Name, StartTime, Width, Height, Cause, Notes, StateId, Orientation, Videoed, DefaultVideo, SaveJPEGs, Scheme ) values ( %d, %d, 'New Event', from_unixtime( %ld ), %d, %d, '%s', '%s', %d, %d, %d, '', %d, '%s' )", monitor->Id(), storage->Id(), start_time.tv_sec, @@ -247,6 +247,7 @@ Event::~Event() { Debug(2, "start_time:%d.%d end_time%d.%d", start_time.tv_sec, start_time.tv_usec, end_time.tv_sec, end_time.tv_usec); if ( frames > last_db_frame ) { + frames ++; Debug(1, "Adding closing frame %d to DB", frames); frame_data.push(new Frame(id, frames, NORMAL, end_time, delta_time, 0)); } @@ -484,7 +485,8 @@ void Event::AddFramesInternal( int n_frames, int start_frame, Image **images, st } int sql_len = strlen(sql); - snprintf(sql+sql_len, sizeof(sql)-sql_len, "( %" PRIu64 ", %d, from_unixtime(%ld), %s%ld.%02ld ), ", id, frames, timestamps[i]->tv_sec, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec); + snprintf(sql+sql_len, sizeof(sql)-sql_len, "( %" PRIu64 ", %d, from_unixtime(%ld), %s%ld.%02ld ), ", + id, frames, timestamps[i]->tv_sec, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec); frameCount++; } // end foreach frame @@ -493,7 +495,7 @@ void Event::AddFramesInternal( int n_frames, int start_frame, Image **images, st Debug(1, "Adding %d/%d frames to DB", frameCount, n_frames); *(sql+strlen(sql)-2) = '\0'; db_mutex.lock(); - if ( mysql_query( &dbconn, sql ) ) { + if ( mysql_query(&dbconn, sql) ) { Error("Can't insert frames: %s, sql was (%s)", mysql_error(&dbconn), sql); } db_mutex.unlock(); From 9b507734b2c74af2a6d22422261e8643e784ee2d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 6 Jun 2019 13:49:24 -0400 Subject: [PATCH 165/360] spacing --- web/skins/classic/views/frames.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 78239b1b1..17ed9c2f2 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -33,14 +33,14 @@ if ( isset( $_REQUEST['scale'] ) ) { } else if ( isset( $_COOKIE['zmWatchScale'] ) ) { $scale = validNum($_COOKIE['zmWatchScale']); } else { - $scale = max( reScale( SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE ); + $scale = max(reScale(SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE), SCALE_BASE); } -$sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; -$frames = dbFetchAll( $sql, NULL, array( $_REQUEST['eid'] ) ); +$sql = 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; +$frames = dbFetchAll($sql, NULL, array($_REQUEST['eid'])); $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id() ); +xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id()); ?>
@@ -87,12 +87,12 @@ if ( count($frames) ) { $frame['FrameId']) ?> - + - Id().'&fid='.$frame['FrameId'], 'zmStats', 'stats', $frame['Score'] ) ?> + Id().'&fid='.$frame['FrameId'], 'zmStats', 'stats', $frame['Score']) ?> @@ -101,7 +101,7 @@ if ( count($frames) ) { } if ( ZM_WEB_LIST_THUMBS ) { ?> - Id().'&fid='.$frame['FrameId'], 'zmImage', array( 'image', $Event->Width(), $Event->Height() ), 'Id().'&fid='.$frame['FrameId'], 'zmImage', array('image', $Event->Width(), $Event->Height()), ' Date: Fri, 7 Jun 2019 14:07:23 -0400 Subject: [PATCH 166/360] spacing and quotes --- web/ajax/stream.php | 53 +++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/web/ajax/stream.php b/web/ajax/stream.php index f37012e54..910b18cb5 100644 --- a/web/ajax/stream.php +++ b/web/ajax/stream.php @@ -21,38 +21,38 @@ if ( sem_acquire($semaphore,1) !== false ) { } $localSocketFile = ZM_PATH_SOCKS.'/zms-'.sprintf('%06d',$_REQUEST['connkey']).'w.sock'; - if ( file_exists( $localSocketFile ) ) { + if ( file_exists($localSocketFile) ) { ZM\Warning("sock file $localSocketFile already exists?! Is someone else talking to zms?"); // They could be. We can maybe have concurrent requests from a browser. } - if ( !socket_bind( $socket, $localSocketFile ) ) { - ajaxError("socket_bind( $localSocketFile ) failed: ".socket_strerror(socket_last_error()) ); + if ( !socket_bind($socket, $localSocketFile) ) { + ajaxError("socket_bind( $localSocketFile ) failed: ".socket_strerror(socket_last_error())); } switch ( $_REQUEST['command'] ) { case CMD_VARPLAY : - ZM\Logger::Debug( 'Varplaying to '.$_REQUEST['rate'] ); - $msg = pack( 'lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768 ); + ZM\Logger::Debug('Varplaying to '.$_REQUEST['rate']); + $msg = pack('lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768); break; case CMD_ZOOMIN : - ZM\Logger::Debug( 'Zooming to '.$_REQUEST['x'].','.$_REQUEST['y'] ); - $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); + ZM\Logger::Debug('Zooming to '.$_REQUEST['x'].','.$_REQUEST['y']); + $msg = pack('lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y']); break; case CMD_PAN : - ZM\Logger::Debug( 'Panning to '.$_REQUEST['x'].','.$_REQUEST['y'] ); - $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); + ZM\Logger::Debug('Panning to '.$_REQUEST['x'].','.$_REQUEST['y']); + $msg = pack('lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y']); break; case CMD_SCALE : - ZM\Logger::Debug( 'Scaling to '.$_REQUEST['scale'] ); - $msg = pack( 'lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['scale'] ); + ZM\Logger::Debug('Scaling to '.$_REQUEST['scale']); + $msg = pack('lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['scale']); break; case CMD_SEEK : - ZM\Logger::Debug( 'Seeking to '.$_REQUEST['offset'] ); - $msg = pack( 'lcN', MSG_CMD, $_REQUEST['command'], $_REQUEST['offset'] ); + ZM\Logger::Debug('Seeking to '.$_REQUEST['offset']); + $msg = pack('lcN', MSG_CMD, $_REQUEST['command'], $_REQUEST['offset']); break; default : ZM\Logger::Debug('Sending command ' . $_REQUEST['command']); - $msg = pack( 'lc', MSG_CMD, $_REQUEST['command'] ); + $msg = pack('lc', MSG_CMD, $_REQUEST['command']); break; } @@ -60,7 +60,8 @@ if ( sem_acquire($semaphore,1) !== false ) { // Pi can take up to 3 seconds for zms to start up. $max_socket_tries = 1000; // FIXME This should not exceed web_ajax_timeout - while ( !file_exists($remSockFile) && $max_socket_tries-- ) { //sometimes we are too fast for our own good, if it hasn't been setup yet give it a second. + while ( !file_exists($remSockFile) && $max_socket_tries-- ) { + //sometimes we are too fast for our own good, if it hasn't been setup yet give it a second. // WHY? We will just send another one... // ANSWER: Because otherwise we get a log of errors logged @@ -71,27 +72,27 @@ if ( sem_acquire($semaphore,1) !== false ) { if ( !file_exists($remSockFile) ) { ajaxError("Socket $remSockFile does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly. Make sure that ZM is actually recording. If you are trying to view a live stream and the capture process (zmc) is not running then zms will exit. Please go to http://zoneminder.readthedocs.io/en/latest/faq.html#why-can-t-i-see-streamed-images-when-i-can-see-stills-in-the-zone-window-etc for more information."); } else { - if ( !@socket_sendto( $socket, $msg, strlen($msg), 0, $remSockFile ) ) { - ajaxError( "socket_sendto( $remSockFile ) failed: ".socket_strerror(socket_last_error()) ); + if ( !@socket_sendto($socket, $msg, strlen($msg), 0, $remSockFile) ) { + ajaxError("socket_sendto( $remSockFile ) failed: ".socket_strerror(socket_last_error())); } } - $rSockets = array( $socket ); + $rSockets = array($socket); $wSockets = NULL; $eSockets = NULL; $timeout = MSG_TIMEOUT - ( time() - $start_time ); - $numSockets = socket_select( $rSockets, $wSockets, $eSockets, intval($timeout/1000), ($timeout%1000)*1000 ); + $numSockets = socket_select($rSockets, $wSockets, $eSockets, intval($timeout/1000), ($timeout%1000)*1000); if ( $numSockets === false ) { - ZM\Error('socket_select failed: ' . socket_strerror(socket_last_error()) ); - ajaxError( 'socket_select failed: '.socket_strerror(socket_last_error()) ); + ZM\Error('socket_select failed: ' . socket_strerror(socket_last_error())); + ajaxError('socket_select failed: '.socket_strerror(socket_last_error())); } else if ( $numSockets < 0 ) { - ZM\Error( "Socket closed $remSockFile" ); - ajaxError( "Socket closed $remSockFile" ); + ZM\Error("Socket closed $remSockFile"); + ajaxError("Socket closed $remSockFile"); } else if ( $numSockets == 0 ) { - ZM\Error( "Timed out waiting for msg $remSockFile" ); + ZM\Error("Timed out waiting for msg $remSockFile"); socket_set_nonblock($socket); #ajaxError("Timed out waiting for msg $remSockFile"); } else if ( $numSockets > 0 ) { @@ -101,7 +102,7 @@ if ( sem_acquire($semaphore,1) !== false ) { } } - switch( $nbytes = @socket_recvfrom( $socket, $msg, MSG_DATA_SIZE, 0, $remSockFile ) ) { + switch( $nbytes = @socket_recvfrom($socket, $msg, MSG_DATA_SIZE, 0, $remSockFile) ) { case -1 : ajaxError("socket_recvfrom( $remSockFile ) failed: ".socket_strerror(socket_last_error())); break; @@ -157,7 +158,7 @@ if ( sem_acquire($semaphore,1) !== false ) { } sem_release($semaphore); } else { - ZM\Logger::Debug("Couldn't get semaphore"); + ZM\Logger::Debug('Couldn\'t get semaphore'); ajaxResponse(array()); } From 2e624522c7ea016b684d15c4496a84772d640149 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 09:43:56 -0400 Subject: [PATCH 167/360] fixes #2294 (#2637) --- scripts/zmfilter.pl.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 6540413b7..6527742c8 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -448,10 +448,10 @@ sub generateImage { } elsif ( -r $capture_image_path ) { $image_path = $capture_image_path; } elsif ( -r $video_path ) { - my $command ="ffmpeg -ss $$frame{Delta} -i '$video_path' -frames:v 1 '$capture_image_path'"; + my $command ="ffmpeg -nostdin -ss $$frame{Delta} -i '$video_path' -frames:v 1 '$capture_image_path'"; #$command = "ffmpeg -y -v 0 -i $video_path -vf 'select=gte(n\\,$$frame{FrameId}),setpts=PTS-STARTPTS' -vframes 1 -f image2 $capture_image_path"; my $output = qx($command); - chomp( $output ); + chomp($output); my $status = $? >> 8; if ( $status || logDebugging() ) { Debug("Output: $output"); From ebc9a77c9ddbba351130bb3ef1020742b8efaf4c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 12:57:57 -0400 Subject: [PATCH 168/360] When saving jpegs, do a db write on the first frame. Fix test for writing frame info to db. Because we increment frames, it is essentially 1-based. So the test needs to be ==1 instead of ! --- src/zm_event.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/zm_event.cpp b/src/zm_event.cpp index 108aed5c6..dba7d1c52 100644 --- a/src/zm_event.cpp +++ b/src/zm_event.cpp @@ -543,6 +543,8 @@ void Event::AddFrame(Image *image, struct timeval timestamp, int score, Image *a bool write_to_db = false; if ( monitor->GetOptSaveJPEGs() & 1 ) { + if ( frames == 1 ) + write_to_db = true; // web ui might show this as thumbnail, so db needs to know about it. static char event_file[PATH_MAX]; snprintf(event_file, sizeof(event_file), staticConfig.capture_file_format, path, frames); Debug(1, "Writing capture frame %d to %s", frames, event_file); @@ -574,7 +576,7 @@ void Event::AddFrame(Image *image, struct timeval timestamp, int score, Image *a if ( score < 0 ) score = 0; - bool db_frame = ( frame_type != BULK ) || (!frames) || ((frames%config.bulk_frame_interval)==0) ; + bool db_frame = ( frame_type != BULK ) || (frames==1) || ((frames%config.bulk_frame_interval)==0) ; if ( db_frame ) { static char sql[ZM_SQL_MED_BUFSIZ]; From 50436c5ea13ba8a3413b95623d39676a1c71f446 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 13:59:01 -0400 Subject: [PATCH 169/360] Correct debug line listing how many frames are being written to db --- src/zm_event.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/zm_event.cpp b/src/zm_event.cpp index dba7d1c52..04d873446 100644 --- a/src/zm_event.cpp +++ b/src/zm_event.cpp @@ -583,14 +583,14 @@ void Event::AddFrame(Image *image, struct timeval timestamp, int score, Image *a frame_data.push(new Frame(id, frames, frame_type, timestamp, delta_time, score)); if ( write_to_db || ( frame_data.size() > 20 ) ) { WriteDbFrames(); - Debug(1, "Adding 20 frames to DB"); + Debug(1, "Adding %d frames to DB", frame_data.size()); last_db_frame = frames; } // We are writing a Bulk frame if ( frame_type == BULK ) { snprintf(sql, sizeof(sql), - "UPDATE Events SET Length = %s%ld.%02ld, Frames = %d, AlarmFrames = %d, TotScore = %d, AvgScore = %d, MaxScore = %d where Id = %" PRIu64, + "UPDATE Events SET Length = %s%ld.%02ld, Frames = %d, AlarmFrames = %d, TotScore = %d, AvgScore = %d, MaxScore = %d WHERE Id = %" PRIu64, ( delta_time.positive?"":"-" ), delta_time.sec, delta_time.fsec, frames, From ee80b086af98cda1bfa50280dd5f443c938b968d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 14:13:21 -0400 Subject: [PATCH 170/360] log the # of db entries being written before doing the writing so that we know the # being written --- src/zm_event.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_event.cpp b/src/zm_event.cpp index 04d873446..037cfac50 100644 --- a/src/zm_event.cpp +++ b/src/zm_event.cpp @@ -582,8 +582,8 @@ void Event::AddFrame(Image *image, struct timeval timestamp, int score, Image *a frame_data.push(new Frame(id, frames, frame_type, timestamp, delta_time, score)); if ( write_to_db || ( frame_data.size() > 20 ) ) { - WriteDbFrames(); Debug(1, "Adding %d frames to DB", frame_data.size()); + WriteDbFrames(); last_db_frame = frames; } From 1749a7a4f964e0eae6f2f69b3d303d12b8e8a458 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 15:57:53 -0400 Subject: [PATCH 171/360] fix extra closing button tag in shutdown button. Add a newline after each Storage group to make the code easier to read --- web/skins/classic/includes/functions.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index 2debc045b..fc62a504c 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -341,7 +341,7 @@ if ( canEdit('System') ) {

- power_settings_new' ) ?> + power_settings_new' ) ?>

@@ -394,7 +394,8 @@ if ( (!ZM_OPT_USE_AUTH) or $user ) { $title = human_filesize($S->disk_used_space()) . ' of ' . human_filesize($S->disk_total_space()). ( ( $S->disk_used_space() != $S->event_disk_space() ) ? ' ' .human_filesize($S->event_disk_space()) . ' used by events' : '' ); - return ''.$S->Name() . ': ' . $S->disk_usage_percent().'%' . ''; }; + return ''.$S->Name() . ': ' . $S->disk_usage_percent().'%' . ' +'; }; #$func = function($S){ return ''.$S->Name() . ': ' . $S->disk_usage_percent().'%' . ''; }; if ( count($storage_areas) > 4 ) $storage_areas = ZM\Storage::find( array('ServerId'=>null) ); From 265e49fe45bfba024c72199d301d084452ed6603 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 15:58:17 -0400 Subject: [PATCH 172/360] Add a newline after each filter group to make the code easier to read --- web/skins/classic/views/_monitor_filters.php | 24 +++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/_monitor_filters.php b/web/skins/classic/views/_monitor_filters.php index 3e149cfba..1d07e3d3a 100644 --- a/web/skins/classic/views/_monitor_filters.php +++ b/web/skins/classic/views/_monitor_filters.php @@ -63,7 +63,8 @@ if ( count($GroupsById) ) { $group_id = isset($_SESSION['Group']) ? $_SESSION['Group'] : null; $html .= ZM\Group::get_group_dropdown(); $groupSql = ZM\Group::get_group_sql($group_id); - $html .= ''; + $html .= ' +'; } $selected_monitor_ids = isset($_SESSION['MonitorId']) ? $_SESSION['MonitorId'] : array(); @@ -95,7 +96,8 @@ if ( ! empty($user['MonitorIds']) ) { $html .= ''; $html .= ''; -$html .= ''; +$html .= ' +'; $Functions = array(); foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) { @@ -112,7 +114,8 @@ $html .= htmlSelect('Function[]', $Functions, 'data-placeholder'=>'All', ) ); -$html .= ''; +$html .= ' +'; if ( count($ServersById) > 1 ) { $html .= ''; @@ -125,7 +128,8 @@ if ( count($ServersById) > 1 ) { 'data-placeholder'=>'All', ) ); - $html .= ''; + $html .= ' +'; } # end if have Servers if ( count($StorageById) > 1 ) { @@ -138,7 +142,8 @@ if ( count($StorageById) > 1 ) { 'multiple'=>'multiple', 'data-placeholder'=>'All', ) ); - $html .= ''; + $html .= ' +'; } # end if have Storage Areas $html .= ''; @@ -156,11 +161,13 @@ $html .= htmlSelect( 'Status[]', $status_options, 'multiple'=>'multiple', 'data-placeholder'=>'All' ) ); - $html .= ''; +$html .= ' +'; $html .= ''; $html .= ''; - $html .= ''; + $html .= ' +'; $sql = 'SELECT *,S.Status AS Status, S.CaptureFPS AS CaptureFPS, S.AnalysisFPS AS AnalysisFPS, S.CaptureBandwidth AS CaptureBandwidth FROM Monitors AS M LEFT JOIN Monitor_Status AS S ON MonitorId=Id ' . @@ -243,7 +250,8 @@ $html .= htmlSelect( 'Status[]', $status_options, ) ); # Repurpose this variable to be the list of MonitorIds as a result of all the filtering $selected_monitor_ids = array_map(function($monitor_row){return $monitor_row['Id'];}, $displayMonitors); - $html .= ''; +$html .= ' +'; echo $html; ?>
From 1eadb814e24c7fb356543b95c399b41576da396a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 10 Jun 2019 15:59:19 -0400 Subject: [PATCH 173/360] Fix use of onclick and onchange. Fix bulk frame lookup. Make scanning events more efficient --- web/skins/classic/views/js/montagereview.js | 117 ++++++++++----- .../classic/views/js/montagereview.js.php | 26 +++- web/skins/classic/views/montagereview.php | 138 +++++++++--------- 3 files changed, 171 insertions(+), 110 deletions(-) diff --git a/web/skins/classic/views/js/montagereview.js b/web/skins/classic/views/js/montagereview.js index f21b59baa..e3b07e5f3 100644 --- a/web/skins/classic/views/js/montagereview.js +++ b/web/skins/classic/views/js/montagereview.js @@ -45,51 +45,81 @@ function evaluateLoadTimes() { $('fps').innerHTML="Display refresh rate is " + (1000 / currentDisplayInterval).toFixed(1) + " per second, avgFrac=" + avgFrac.toFixed(3) + "."; } // end evaluateLoadTimes() -function getFrame( monId, time ) { +function getFrame(monId, time, last_Frame=null) { + if ( last_Frame ) { + if ( + (last_Frame.TimeStampSecs <= time) + && + (last_Frame.EndTimeStampSecs >= time) + ) { + return last_Frame; + } + } + + var events_for_monitor = events_by_monitor_id[monId]; + if ( ! events_for_monitor ) { + console.log("No events for monitor " + monId); + return; + } + var Frame = null; - for ( var event_id in events ) { + for ( var i = 0; i < events_for_monitor.length; i++ ) { + //for ( var event_id_idx in events_for_monitor ) { + var event_id = events_for_monitor[i]; // Search for the event matching this time. Would be more efficient if we had events indexed by monitor - Event = events[event_id]; - if ( Event.MonitorId != monId || Event.StartTimeSecs > time || Event.EndTimeSecs < time ) { + e = events[event_id]; + if ( !e ) { + console.log("No event found for " + event_id); + break; + } + if ( e.MonitorId != monId || e.StartTimeSecs > time || e.EndTimeSecs < time ) { + //console.log("Event not for " + time); continue; } - var duration = Event.EndTimeSecs - Event.StartTimeSecs; - if ( ! Event.FramesById ) { + if ( !e.FramesById ) { console.log("No FramesById for event " + event_id); return; } - var frame = parseInt((time - Event.StartTimeSecs)/(duration)*Object.keys(Event.FramesById).length)+1; - // Need to get frame by time, not some fun calc that assumes frames have the same mlength. - // Frames are not sorted. - for ( var frame_id in Event.FramesById ) { + var duration = e.EndTimeSecs - e.StartTimeSecs; + + // I think this is an estimate to jump near the desired frame. + var frame = parseInt((time - e.StartTimeSecs)/(duration)*Object.keys(e.FramesById).length)+1; + //console.log("frame_id for " + time + " is " + frame); + + // Need to get frame by time, not some fun calc that assumes frames have the same length. + // Frames are sorted in descreasing order (or not sorted). + // This is likely not efficient. Would be better to start at the last frame viewed, see if it is still relevant + // Then move forward or backwards as appropriate + + for ( var frame_id in e.FramesById ) { if ( 0 ) { if ( frame == 0 ) { - console.log("Found frame for time " + time ); + console.log("Found frame for time " + time); console.log(Frame); - Frame = Event.FramesById[frame_id]; + Frame = e.FramesById[frame_id]; break; } frame --; continue; } if ( - Event.FramesById[frame_id].TimeStampSecs == time + e.FramesById[frame_id].TimeStampSecs == time || ( - Event.FramesById[frame_id].TimeStampSecs < time + e.FramesById[frame_id].TimeStampSecs < time && ( - (!Event.FramesById[frame_id].NextTimeStampSecs) + (!e.FramesById[frame_id].NextTimeStampSecs) // only if event.EndTime is null || - (Event.FramesById[frame_id].NextTimeStampSecs > time) + (e.FramesById[frame_id].NextTimeStampSecs > time) ) ) ) { - Frame = Event.FramesById[frame_id]; + Frame = e.FramesById[frame_id]; break; } } // end foreach frame in the event. - if ( ! Frame ) { - console.log("Didn't find frame for " + time ); + if ( !Frame ) { + console.log("Didn't find frame for " + time); return null; } } // end foreach event @@ -97,11 +127,11 @@ function getFrame( monId, time ) { } // time is seconds since epoch -function getImageSource( monId, time ) { +function getImageSource(monId, time) { if ( liveMode == 1 ) { var new_url = monitorImageObject[monId].src.replace( /rand=\d+/i, - 'rand='+Math.floor((Math.random() * 1000000) ) + 'rand='+Math.floor(Math.random() * 1000000) ); if ( auth_hash ) { // update auth hash @@ -109,20 +139,31 @@ function getImageSource( monId, time ) { } return new_url; } + var frame_id; + var Frame = getFrame(monId, time); if ( Frame ) { // Adjust for bulk frames if ( Frame.NextFrameId ) { - var duration = Frame.NextTimeStampSecs - Frame.TimeStampSecs; - frame_id = Frame.FrameId + parseInt( (Frame.NextFrameId-Frame.FrameId) * ( time-Frame.TimeStampSecs )/duration ); - //console.log("Have NextFrame: duration: " + duration + " frame_id = " + frame_id + " from " + Frame.NextFrameId + ' - ' + Frame.FrameId + " time: " + (time-Frame.TimeStampSecs) ); - //} else { - //console.log("No NextFrame"); + var e = events[Frame.EventId]; + var NextFrame = e.FramesById[Frame.NextFrameId]; + if ( !NextFrame ) { + console.log("No next frame for " + Frame.NextFrameId); + } else if ( NextFrame.Type == 'Bulk' ) { + // There is time between this frame and a bulk frame + var duration = Frame.NextTimeStampSecs - Frame.TimeStampSecs; + frame_id = Frame.FrameId + parseInt( (NextFrame.FrameId-Frame.FrameId) * ( time-Frame.TimeStampSecs )/duration ); + //console.log("Have NextFrame: duration: " + duration + " frame_id = " + frame_id + " from " + NextFrame.FrameId + ' - ' + Frame.FrameId + " time: " + (time-Frame.TimeStampSecs) ); + } + + } else { + frame_id = Frame['Id']; + console.log("No NextFrame"); } Event = events[Frame.EventId]; var storage = Storage[Event.StorageId]; - if ( ! storage ) { + if ( !storage ) { // Storage[0] is guaranteed to exist as we make sure it is there in montagereview.js.php console.log("No storage area for id " + Event.StorageId); storage = Storage[0]; @@ -130,7 +171,7 @@ function getImageSource( monId, time ) { // monitorServerId may be 0, which gives us the default Server entry var server = storage.ServerId ? Servers[storage.ServerId] : Servers[monitorServerId[monId]]; return server.PathToIndex + - '?view=image&eid=' + Frame.EventId + '&fid='+Frame.FrameId + + '?view=image&eid=' + Frame.EventId + '&fid='+frame_id + "&width=" + monitorCanvasObj[monId].width + "&height=" + monitorCanvasObj[monId].height; } // end found Frame @@ -818,16 +859,16 @@ function showOneMonitor(monId) { // We know the monitor, need to determine the event based on current time var url; if ( liveMode != 0 ) { - url="?view=watch&mid=" + monId.toString(); - createPopup(url, 'zmWatch', 'watch', monitorWidth[monId], monitorHeight[monId] ); + url = '?view=watch&mid=' + monId.toString(); + createPopup(url, 'zmWatch', 'watch', monitorWidth[monId], monitorHeight[monId]); } else { var Frame = getFrame( monId, currentTimeSecs ); if ( Frame ) { - url="?view=event&eid=" + Frame.EventId + '&fid=' +Frame.FrameId; + url = '?view=event&eid=' + Frame.EventId + '&fid=' + Frame.FrameId; createPopup(url, 'zmEvent', 'event', monitorWidth[monId], monitorHeight[monId]); } else { - url="?view=watch&mid=" + monId.toString(); - createPopup(url, 'zmWatch', 'watch', monitorWidth[monId], monitorHeight[monId] ); + url = '?view=watch&mid=' + monId.toString(); + createPopup(url, 'zmWatch', 'watch', monitorWidth[monId], monitorHeight[monId]); } } // end if live/events } @@ -960,11 +1001,19 @@ function initPage() { maxDate: +0, constrainInput: false, onClose: function(newDate, oldData) { - if (newDate !== oldData.lastVal) { + if ( newDate !== oldData.lastVal ) { changeDateTime(); } } }); + $j('#scaleslider').bind('change', function() { setScale(this.value); }); + $j('#scaleslider').bind('input', function() { showScale(this.value); }); + $j('#speedslider').bind('change', function() { setSpeed(this.value); }); + $j('#speedslider').bind('input', function() { showSpeed(this.value); }); + + $j('#liveButton').bind('click', function() { setLive(1-liveMode); }); + $j('#fit').bind('click', function() { setFit(1-fitMode); }); + $j('#archive_status').bind('change', function() { console.log('submitting'); this.form.submit(); }); } window.addEventListener("resize", redrawScreen, {passive: true}); // Kick everything off diff --git a/web/skins/classic/views/js/montagereview.js.php b/web/skins/classic/views/js/montagereview.js.php index 7c529790b..4f7cad02a 100644 --- a/web/skins/classic/views/js/montagereview.js.php +++ b/web/skins/classic/views/js/montagereview.js.php @@ -55,23 +55,26 @@ if ( !$liveMode ) { if ( $result = dbQuery($framesSql) ) { $next_frame = null; - while( $frame = $result->fetch(PDO::FETCH_ASSOC) ) { + while ( $frame = $result->fetch(PDO::FETCH_ASSOC) ) { $event_id = $frame['EventId']; $event = &$EventsById[$event_id]; $frame['TimeStampSecs'] = $event['StartTimeSecs'] + $frame['Delta']; if ( !isset($event['FramesById']) ) { + // Please note that this is the last frame as we sort DESC $event['FramesById'] = array(); - $frame['NextTimeStampSecs'] = 0; + $frame['NextTimeStampSecs'] = $event['EndTime']; } else { $frame['NextTimeStampSecs'] = $next_frames[$frame['EventId']]['TimeStampSecs']; - $frame['NextFrameId'] = $next_frames[$frame['EventId']]['FrameId']; + $frame['NextFrameId'] = $next_frames[$frame['EventId']]['Id']; } - $event['FramesById'] += array( $frame['Id']=>$frame ); + $event['FramesById'] += array($frame['Id']=>$frame); $next_frames[$frame['EventId']] = $frame; } } + $events_by_monitor_id = array(); + echo "var events = {\n"; foreach ( $EventsById as $event_id=>$event ) { @@ -82,7 +85,7 @@ if ( !$liveMode ) { if ( !$minTimeSecs or $minTimeSecs > $StartTimeSecs ) $minTimeSecs = $StartTimeSecs; if ( !$maxTimeSecs or $maxTimeSecs < $EndTimeSecs ) $maxTimeSecs = $EndTimeSecs; - $event_json = json_encode($event, JSON_PRETTY_PRINT); + $event_json = json_encode($event, JSON_PRETTY_PRINT|JSON_NUMERIC_CHECK); echo " $event_id : $event_json,\n"; $index = $index + 1; @@ -91,8 +94,19 @@ if ( !$liveMode ) { $maxScore = $event['MaxScore']; $anyAlarms = true; } + if ( !isset($events_by_monitor_id[$event['MonitorId']]) ) + $events_by_monitor_id[$event['MonitorId']] = array(); + array_push($events_by_monitor_id[$event['MonitorId']], $event_id); + + } # end foreach Event + echo " }; + var events_by_monitor_id = { + \n"; + + foreach ( $events_by_monitor_id as $monitor_id=>$event_ids ) { + echo "$monitor_id : ".json_encode($event_ids, JSON_NUMERIC_CHECK) . "\n"; } -echo " };\n"; + echo " };\n"; // if there is no data set the min/max to the passed in values if ( $index == 0 ) { diff --git a/web/skins/classic/views/montagereview.php b/web/skins/classic/views/montagereview.php index 1d05d597e..29c32deaf 100644 --- a/web/skins/classic/views/montagereview.php +++ b/web/skins/classic/views/montagereview.php @@ -64,7 +64,7 @@ if ( isset($_REQUEST['filter']) ) { $filter = $_REQUEST['filter']; } else { - if (isset($_REQUEST['minTime']) && isset($_REQUEST['maxTime']) && count($displayMonitors) != 0) { + if ( isset($_REQUEST['minTime']) && isset($_REQUEST['maxTime']) && (count($displayMonitors) != 0) ) { $filter = array( 'Query' => array( 'terms' => array( @@ -77,10 +77,10 @@ if ( isset($_REQUEST['filter']) ) { $filter['Query']['terms'][] = (array('attr' => 'MonitorId', 'op' => 'IN', 'val' => implode(',',$selected_monitor_ids), 'cnj' => 'and')); } else if ( ( $group_id != 0 || isset($_SESSION['ServerFilter']) || isset($_SESSION['StorageFilter']) || isset($_SESSION['StatusFilter']) ) ) { # this should be redundant - for ($i=0; $i < count($displayMonitors); $i++) { - if ($i == '0') { + for ( $i = 0; $i < count($displayMonitors); $i++ ) { + if ( $i == '0' ) { $filter['Query']['terms'][] = array('attr' => 'MonitorId', 'op' => '=', 'val' => $displayMonitors[$i]['Id'], 'cnj' => 'and', 'obr' => '1'); - } else if ($i == (count($displayMonitors)-1)) { + } else if ( $i == (count($displayMonitors)-1) ) { $filter['Query']['terms'][] = array('attr' => 'MonitorId', 'op' => '=', 'val' => $displayMonitors[$i]['Id'], 'cnj' => 'or', 'cbr' => '1'); } else { $filter['Query']['terms'][] = array('attr' => 'MonitorId', 'op' => '=', 'val' => $displayMonitors[$i]['Id'], 'cnj' => 'or'); @@ -118,7 +118,7 @@ $eventsSql = 'SELECT // Note that the delta value seems more accurate than the time stamp for some reason. $framesSql = ' - SELECT Id, FrameId, EventId, TimeStamp, UNIX_TIMESTAMP(TimeStamp) AS TimeStampSecs, Score, Delta + SELECT Id, FrameId, EventId, TimeStamp, UNIX_TIMESTAMP(TimeStamp) AS TimeStampSecs, Score, Delta, Type FROM Frames WHERE EventId IN (SELECT E.Id FROM Events AS E WHERE 1>0 '; @@ -126,9 +126,9 @@ $framesSql = ' // This program only calls itself with the time range involved -- it does all monitors (the user can see, in the called group) all the time $monitor_ids_sql = ''; -if ( ! empty($user['MonitorIds']) ) { +if ( !empty($user['MonitorIds']) ) { $eventsSql .= ' AND E.MonitorId IN ('.$user['MonitorIds'].')'; - $framesSql .= ' AND E.MonitorId IN ('.$user['MonitorIds'].')'; + $framesSql .= ' AND E.MonitorId IN ('.$user['MonitorIds'].')'; } if ( count($selected_monitor_ids) ) { $monitor_ids_sql = ' IN (' . implode(',',$selected_monitor_ids).')'; @@ -173,7 +173,7 @@ if ( (strtotime($maxTime) - strtotime($minTime))/(365*24*3600) > 30 ) { } $fitMode = 1; -if (isset($_REQUEST['fit']) && $_REQUEST['fit']=='0' ) +if ( isset($_REQUEST['fit']) && ($_REQUEST['fit'] == '0') ) $fitMode = 0; if ( isset($_REQUEST['scale']) ) @@ -200,7 +200,7 @@ if ( isset($_REQUEST['current']) ) $defaultCurrentTime = validHtmlStr($_REQUEST['current']); $liveMode = 1; // default to live -if ( isset($_REQUEST['live']) && $_REQUEST['live']=='0' ) +if ( isset($_REQUEST['live']) && ($_REQUEST['live'] == '0') ) $liveMode = 0; $initialDisplayInterval = 1000; @@ -236,82 +236,80 @@ foreach( $displayMonitors as $row ) { // These are zoom ranges per visible monitor xhtmlHeaders(__FILE__, translate('MontageReview') ); +getBodyTopHTML(); ?> - -
+
- +
+ + + + +
+
+ + +
+
Id().' ' .$m->Name().'" width="' . $m->Width() * $defaultScale . '" height="' . $m->Height() * $defaultScale . '" id="Monitor' . $m->Id() . '" style="border:1px solid ' . $m->WebColour() . '" monitor_id="'.$m->Id().'">No Canvas Support!!'; + echo 'No Canvas Support!! +'; } ?>
From acb95709e6cd8fdb9e76b3d58bc6f546fc6b1447 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 10:19:42 -0400 Subject: [PATCH 174/360] Fix issues with too much audio in events by storing packets in the queue with their timestamps converted to AV_TIME_BASE_Q, so that we can sort video and audio packets together. --- src/zm_ffmpeg_camera.cpp | 49 +++++++++++++++++++++++++++++----------- src/zm_packet.cpp | 10 ++++++-- src/zm_packet.h | 4 ++-- src/zm_packetqueue.cpp | 22 +++++++++++------- src/zm_packetqueue.h | 4 ++-- src/zm_videostore.cpp | 46 +++++++++++++++++++++++-------------- 6 files changed, 91 insertions(+), 44 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index dc2a32475..093648946 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -873,6 +873,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } } // end if recording or not + // Buffer video packets, since we are not recording. // All audio packets are keyframes, so only if it's a video keyframe if ( packet.stream_index == mVideoStreamId ) { @@ -885,17 +886,18 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } packetqueue->clearQueue(monitor->GetPreEventCount(), mVideoStreamId); - packetqueue->queuePacket(&packet); + + packetqueue->queuePacket(&packet, mFormatContext->streams[packet.stream_index]); } else if ( packetqueue->size() ) { // it's a keyframe or we already have something in the queue - packetqueue->queuePacket(&packet); + packetqueue->queuePacket(&packet, mFormatContext->streams[packet.stream_index]); } } else if ( packet.stream_index == mAudioStreamId ) { // The following lines should ensure that the queue always begins with a video keyframe //Debug(2, "Have audio packet, reocrd_audio is (%d) and packetqueue.size is (%d)", record_audio, packetqueue.size() ); if ( record_audio && packetqueue->size() ) { // if it's audio, and we are doing audio, and there is already something in the queue - packetqueue->queuePacket(&packet); + packetqueue->queuePacket(&packet, mFormatContext->streams[packet.stream_index]); } } // end if packet type @@ -904,9 +906,19 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( have_video_keyframe || keyframe ) { if ( videoStore ) { + AVPacket out_packet; + av_init_packet(&out_packet); + if ( zm_av_packet_ref( &out_packet, &packet ) < 0 ) { + Error("error refing packet"); + } + out_packet.pts = av_rescale_q(out_packet.pts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.dts = av_rescale_q(out_packet.dts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.duration = av_rescale_q(out_packet.duration, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + //Write the packet to our video store - int ret = videoStore->writeVideoFramePacket(&packet); + int ret = videoStore->writeVideoFramePacket(&out_packet); + zm_av_packet_unref(&out_packet); if ( ret < 0 ) { //Less than zero and we skipped a frame zm_av_packet_unref(&packet); return 0; @@ -1005,15 +1017,26 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( videoStore ) { if ( record_audio ) { if ( have_video_keyframe ) { - Debug(3, "Recording audio packet streamindex(%d) packetstreamindex(%d)", mAudioStreamId, packet.stream_index ); - //Write the packet to our video store - //FIXME no relevance of last key frame - int ret = videoStore->writeAudioFramePacket( &packet ); - if ( ret < 0 ) {//Less than zero and we skipped a frame - Warning("Failure to write audio packet."); - zm_av_packet_unref( &packet ); - return 0; - } + + AVPacket out_packet; + av_init_packet(&out_packet); + if ( zm_av_packet_ref( &out_packet, &packet ) < 0 ) { + Error("error refing packet"); + } + out_packet.pts = av_rescale_q(out_packet.pts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.dts = av_rescale_q(out_packet.dts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.duration = av_rescale_q(out_packet.duration, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + + Debug(3, "Recording audio packet streamindex(%d) packetstreamindex(%d)", mAudioStreamId, packet.stream_index); + //Write the packet to our video store + //FIXME no relevance of last key frame + int ret = videoStore->writeAudioFramePacket(&out_packet); + zm_av_packet_unref(&out_packet); + if ( ret < 0 ) {//Less than zero and we skipped a frame + Warning("Failure to write audio packet."); + zm_av_packet_unref( &packet ); + return 0; + } } else { Debug(3, "Not recording audio yet because we don't have a video keyframe yet"); } diff --git a/src/zm_packet.cpp b/src/zm_packet.cpp index a04282d26..a89a557d2 100644 --- a/src/zm_packet.cpp +++ b/src/zm_packet.cpp @@ -24,23 +24,29 @@ using namespace std; -ZMPacket::ZMPacket( AVPacket *p ) { +ZMPacket::ZMPacket( AVPacket *p, AVStream *stream ) { frame = NULL; image = NULL; av_init_packet( &packet ); if ( zm_av_packet_ref( &packet, p ) < 0 ) { Error("error refing packet"); } + packet.pts = av_rescale_q(packet.pts, stream->time_base, AV_TIME_BASE_Q); + packet.dts = av_rescale_q(packet.dts, stream->time_base, AV_TIME_BASE_Q); + packet.duration = av_rescale_q(packet.duration, stream->time_base, AV_TIME_BASE_Q); gettimeofday( ×tamp, NULL ); } -ZMPacket::ZMPacket( AVPacket *p, struct timeval *t ) { +ZMPacket::ZMPacket( AVPacket *p, AVStream *stream, struct timeval *t ) { frame = NULL; image = NULL; av_init_packet( &packet ); if ( zm_av_packet_ref( &packet, p ) < 0 ) { Error("error refing packet"); } + packet.pts = av_rescale_q(packet.pts, stream->time_base, AV_TIME_BASE_Q); + packet.dts = av_rescale_q(packet.pts, stream->time_base, AV_TIME_BASE_Q); + packet.duration = av_rescale_q(packet.pts, stream->time_base, AV_TIME_BASE_Q); timestamp = *t; } diff --git a/src/zm_packet.h b/src/zm_packet.h index bdb67cb57..608d1b1e9 100644 --- a/src/zm_packet.h +++ b/src/zm_packet.h @@ -38,8 +38,8 @@ class ZMPacket { struct timeval timestamp; public: AVPacket *av_packet() { return &packet; } - ZMPacket( AVPacket *packet, struct timeval *timestamp ); - explicit ZMPacket( AVPacket *packet ); + ZMPacket( AVPacket *packet, AVStream *stream, struct timeval *timestamp ); + explicit ZMPacket( AVPacket *packet, AVStream * ); ~ZMPacket(); }; diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 81fbb09c4..1287c7bd5 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -57,8 +57,8 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { Debug(2, "Looking at packet with stream index (%d) with dts %" PRId64, av_packet->stream_index, av_packet->dts); if ( - ( av_packet->stream_index == zm_packet->packet.stream_index ) - && + //( av_packet->stream_index == zm_packet->packet.stream_index ) + //&& ( av_packet->dts != AV_NOPTS_VALUE ) && ( av_packet->dts <= zm_packet->packet.dts) @@ -77,7 +77,7 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { //Debug(2, "Found packet with stream index (%d) with dts %" PRId64, //(*it)->packet.stream_index, (*it)->packet.dts); if ( it == pktQueue.rbegin() ) { - Debug(2,"Inserting packet with dts %" PRId64 " at end", zm_packet->packet.dts); + Debug(2, "Inserting packet with dts %" PRId64 " at end", zm_packet->packet.dts); // No dts value, can't so much with it pktQueue.push_back(zm_packet); packet_counts[zm_packet->packet.stream_index] += 1; @@ -85,16 +85,22 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { } // Convert to a forward iterator so that we can insert at end std::list::iterator f_it = it.base(); - Debug(2, "Insert packet with stream index (%d) with dts %" PRId64 " for dts %" PRId64, (*f_it)->packet.stream_index, (*f_it)->packet.dts, zm_packet->packet.dts); + if ( f_it == pktQueue.end() ) { + Debug(2, "Pushing to end"); + pktQueue.push_back(zm_packet); + } else { + Debug(2, "Insert packet with stream index (%d) with dts %" PRId64 " for dts %" PRId64, + (*f_it)->packet.stream_index, (*f_it)->packet.dts, zm_packet->packet.dts); - pktQueue.insert(f_it, zm_packet); + pktQueue.insert(f_it, zm_packet); + } packet_counts[zm_packet->packet.stream_index] += 1; return true; } - Debug(1,"Unable to insert packet for stream %d with dts %" PRId64 " into queue.", + Debug(1,"Unable to find a spot for stream %d with dts %" PRId64 ". Sticking on front", zm_packet->packet.stream_index, zm_packet->packet.dts); // Must be before any packets in the queue. Stick it at the beginning pktQueue.push_front(zm_packet); @@ -102,8 +108,8 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { return true; } // end bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) -bool zm_packetqueue::queuePacket(AVPacket* av_packet) { - ZMPacket *zm_packet = new ZMPacket(av_packet); +bool zm_packetqueue::queuePacket(AVPacket* av_packet, AVStream *stream) { + ZMPacket *zm_packet = new ZMPacket(av_packet, stream); return queuePacket(zm_packet); } diff --git a/src/zm_packetqueue.h b/src/zm_packetqueue.h index fa422a529..984243c38 100644 --- a/src/zm_packetqueue.h +++ b/src/zm_packetqueue.h @@ -33,9 +33,9 @@ class zm_packetqueue { public: zm_packetqueue(int max_stream_id); virtual ~zm_packetqueue(); - bool queuePacket(AVPacket* packet, struct timeval *timestamp); + bool queuePacket(AVPacket* packet, AVStream *stream, struct timeval *timestamp); bool queuePacket(ZMPacket* packet); - bool queuePacket(AVPacket* packet); + bool queuePacket(AVPacket* packet, AVStream *stream); ZMPacket * popPacket(); bool popVideoPacket(ZMPacket* packet); bool popAudioPacket(ZMPacket* packet); diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index ea2b314dc..3ad93fd69 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -860,22 +860,23 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { if ( ipkt->duration != AV_NOPTS_VALUE ) { duration = av_rescale_q( ipkt->duration, - video_in_stream->time_base, + AV_TIME_BASE_Q, video_out_stream->time_base); Debug(1, "duration from ipkt: pts(%" PRId64 ") - last_pts(%" PRId64 ") = (%" PRId64 ") => (%" PRId64 ") (%d/%d) (%d/%d)", ipkt->pts, video_last_pts, ipkt->duration, duration, - video_in_stream->time_base.num, - video_in_stream->time_base.den, + 1, + AV_TIME_BASE, video_out_stream->time_base.num, video_out_stream->time_base.den ); } else { duration = av_rescale_q( ipkt->pts - video_last_pts, - video_in_stream->time_base, + AV_TIME_BASE_Q, + //video_in_stream->time_base, video_out_stream->time_base); Debug(1, "duration calc: pts(%" PRId64 ") - last_pts(%" PRId64 ") = (%" PRId64 ") => (%" PRId64 ")", ipkt->pts, @@ -885,7 +886,7 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { ); if ( duration <= 0 ) { // Why are we setting the duration to 1? - duration = ipkt->duration ? ipkt->duration : av_rescale_q(1,video_in_stream->time_base, video_out_stream->time_base); + duration = ipkt->duration ? ipkt->duration : av_rescale_q(1, AV_TIME_BASE_Q, video_out_stream->time_base); } } opkt.duration = duration; @@ -902,7 +903,8 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { } else { opkt.pts = av_rescale_q( ipkt->pts - video_first_pts, - video_in_stream->time_base, + AV_TIME_BASE_Q, + //video_in_stream->time_base, video_out_stream->time_base ); } @@ -929,7 +931,8 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { } else { opkt.dts = av_rescale_q( ipkt->dts - video_first_dts, - video_in_stream->time_base, + AV_TIME_BASE_Q, + //video_in_stream->time_base, video_out_stream->time_base ); Debug(3, "opkt.dts = %" PRId64 " from ipkt->dts(%" PRId64 ") - first_pts(%" PRId64 ")", @@ -1027,6 +1030,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { // sending AV_NOPTS_VALUE doesn't really work but we seem to get it in ffmpeg 2.8 out_frame->pts = audio_next_pts; } + // We need to keep track of this due to resampling audio_next_pts = out_frame->pts + out_frame->nb_samples; av_init_packet(&opkt); @@ -1087,7 +1091,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { if ( ipkt->duration && (ipkt->duration != AV_NOPTS_VALUE) ) { opkt.duration = av_rescale_q( ipkt->duration, - audio_in_stream->time_base, + AV_TIME_BASE_Q, + //audio_in_stream->time_base, audio_out_stream->time_base); } // Scale the PTS of the outgoing packet to be the correct time base @@ -1099,7 +1104,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } else { opkt.pts = av_rescale_q( ipkt->pts - audio_first_pts, - audio_in_stream->time_base, + AV_TIME_BASE_Q, + //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", opkt.pts, ipkt->pts, audio_first_pts); @@ -1126,7 +1132,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } else { opkt.dts = av_rescale_q( ipkt->dts - audio_first_dts, - audio_in_stream->time_base, + AV_TIME_BASE_Q, + //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", opkt.dts, ipkt->dts, audio_first_dts); @@ -1176,6 +1183,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { int VideoStore::resample_audio() { // Resample the in_frame into the audioSampleBuffer until we process the whole // decoded data. Note: pts does not survive resampling or converting + // if we ask for less samples than we input, convert_frame will buffer the remainder apparently #if defined(HAVE_LIBSWRESAMPLE) || defined(HAVE_LIBAVRESAMPLE) #if defined(HAVE_LIBSWRESAMPLE) Debug(2, "Converting %d to %d samples using swresample", @@ -1207,7 +1215,7 @@ int VideoStore::resample_audio() { audio_next_pts = out_frame->pts + out_frame->nb_samples; #endif - if ((ret = av_audio_fifo_realloc(fifo, av_audio_fifo_size(fifo) + out_frame->nb_samples)) < 0) { + if ( (ret = av_audio_fifo_realloc(fifo, av_audio_fifo_size(fifo) + out_frame->nb_samples)) < 0 ) { Error("Could not reallocate FIFO"); return 0; } @@ -1224,6 +1232,7 @@ int VideoStore::resample_audio() { // AAC requires 1024 samples per encode. Our input tends to be 160, so need to buffer them. if ( frame_size > av_audio_fifo_size(fifo) ) { + Debug(1, "Not enough samples in the fifo"); return 0; } @@ -1233,15 +1242,18 @@ int VideoStore::resample_audio() { } out_frame->nb_samples = frame_size; // resampling changes the duration because the timebase is 1/samples + out_frame->pkt_duration = out_frame->nb_samples; + // out_frame->sample_rate; if ( in_frame->pts != AV_NOPTS_VALUE ) { - out_frame->pkt_duration = av_rescale_q( - in_frame->pkt_duration, - audio_in_stream->time_base, - audio_out_stream->time_base); + //out_frame->pkt_duration = av_rescale_q( + //in_frame->pkt_duration, + //audio_in_stream->time_base, + //audio_out_stream->time_base); out_frame->pts = av_rescale_q( in_frame->pts, - audio_in_stream->time_base, - audio_out_stream->time_base); + AV_TIME_BASE_Q, + //audio_in_ctx->time_base, + audio_out_ctx->time_base); } #else #if defined(HAVE_LIBAVRESAMPLE) From 1241761683385418fddd96f43be911754abc1469 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 10:58:54 -0400 Subject: [PATCH 175/360] Add a title popup telling people about the zoomin/out/pan functions. Add ctrl-click to zoomout --- web/skins/classic/views/js/watch.js | 3 +++ web/skins/classic/views/watch.php | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/web/skins/classic/views/js/watch.js b/web/skins/classic/views/js/watch.js index a30a05fee..0f19a1802 100644 --- a/web/skins/classic/views/js/watch.js +++ b/web/skins/classic/views/js/watch.js @@ -686,6 +686,9 @@ function handleClick( event ) { if ( showMode == "events" || !imageControlMode ) { if ( event.shift ) { streamCmdPan( x, y ); + } else if ( event.event.ctrlKey ) { + console.log("Zooming out"); + streamCmdZoomOut(); } else { streamCmdZoomIn( x, y ); } diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 902baaa1c..e73afbe49 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -78,7 +78,15 @@ if ( canView('Control') && $monitor->Type() == 'Local' ) {
-
$scale) ); ?>
+
+>$scale) ); ?>
+ + Type() != 'WebSite' ) { ?>
From 1928d1153fdc4a0e32b2a0a621de90e87fb78d2f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 13:32:15 -0400 Subject: [PATCH 176/360] spacing and quotes --- scripts/ZoneMinder/lib/ZoneMinder/Filter.pm | 91 ++++++++++----------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm index a057f55d9..8383e43b7 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm @@ -72,15 +72,15 @@ sub find { $sql .= ' WHERE ' . join(' AND ', @sql_filters ) if @sql_filters; $sql .= ' LIMIT ' . $sql_filters{limit} if $sql_filters{limit}; - my $sth = $ZoneMinder::Database::dbh->prepare_cached( $sql ) - or Fatal( "Can't prepare '$sql': ".$ZoneMinder::Database::dbh->errstr() ); - my $res = $sth->execute( @sql_values ) - or Fatal( "Can't execute '$sql': ".$sth->errstr() ); + my $sth = $ZoneMinder::Database::dbh->prepare_cached($sql) + or Fatal("Can't prepare '$sql': ".$ZoneMinder::Database::dbh->errstr()); + my $res = $sth->execute(@sql_values) + or Fatal("Can't execute '$sql': ".$sth->errstr()); my @results; while( my $db_filter = $sth->fetchrow_hashref() ) { - my $filter = new ZoneMinder::Filter( $$db_filter{Id}, $db_filter ); + my $filter = new ZoneMinder::Filter($$db_filter{Id}, $db_filter); push @results, $filter; } # end while $sth->finish(); @@ -98,7 +98,7 @@ sub Execute { my $sql = $self->Sql(undef); if ( $self->{HasDiskPercent} ) { - my $disk_percent = getDiskPercent( $$self{Storage} ? $$self{Storage}->Path() : () ); + my $disk_percent = getDiskPercent($$self{Storage} ? $$self{Storage}->Path() : ()); $sql =~ s/zmDiskPercent/$disk_percent/g; } if ( $self->{HasDiskBlocks} ) { @@ -111,16 +111,16 @@ sub Execute { } Debug("Filter::Execute SQL ($sql)"); - my $sth = $ZoneMinder::Database::dbh->prepare_cached( $sql ) - or Fatal( "Can't prepare '$sql': ".$ZoneMinder::Database::dbh->errstr() ); + my $sth = $ZoneMinder::Database::dbh->prepare_cached($sql) + or Fatal("Can't prepare '$sql': ".$ZoneMinder::Database::dbh->errstr()); my $res = $sth->execute(); if ( !$res ) { - Error( "Can't execute filter '$sql', ignoring: ".$sth->errstr() ); + Error("Can't execute filter '$sql', ignoring: ".$sth->errstr()); return; } my @results; - while( my $event = $sth->fetchrow_hashref() ) { + while ( my $event = $sth->fetchrow_hashref() ) { push @results, $event; } $sth->finish(); @@ -152,7 +152,7 @@ sub Sql { $self->{Sql} .= ' '.$term->{cnj}.' '; } if ( exists($term->{obr}) ) { - $self->{Sql} .= ' '.str_repeat( '(', $term->{obr} ).' '; + $self->{Sql} .= ' '.str_repeat('(', $term->{obr}).' '; } my $value = $term->{val}; my @value_list; @@ -216,17 +216,17 @@ sub Sql { if ( $temp_value eq 'ZM_SERVER_ID' ) { $value = "'$ZoneMinder::Config::Config{ZM_SERVER_ID}'"; # This gets used later, I forget for what - $$self{Server} = new ZoneMinder::Server( $ZoneMinder::Config::Config{ZM_SERVER_ID} ); + $$self{Server} = new ZoneMinder::Server($ZoneMinder::Config::Config{ZM_SERVER_ID}); } elsif ( $temp_value eq 'NULL' ) { $value = $temp_value; } else { $value = "'$temp_value'"; # This gets used later, I forget for what - $$self{Server} = new ZoneMinder::Server( $temp_value ); + $$self{Server} = new ZoneMinder::Server($temp_value); } } elsif ( $term->{attr} eq 'StorageId' ) { $value = "'$temp_value'"; - $$self{Storage} = new ZoneMinder::Storage( $temp_value ); + $$self{Storage} = new ZoneMinder::Storage($temp_value); } elsif ( $term->{attr} eq 'Name' || $term->{attr} eq 'Cause' || $term->{attr} eq 'Notes' @@ -236,10 +236,9 @@ sub Sql { if ( $temp_value eq 'NULL' ) { $value = $temp_value; } else { - $value = DateTimeToSQL( $temp_value ); + $value = DateTimeToSQL($temp_value); if ( !$value ) { - Error( "Error parsing date/time '$temp_value', " - ."skipping filter '$self->{Name}'\n" ); + Error("Error parsing date/time '$temp_value', skipping filter '$self->{Name}'"); return; } $value = "'$value'"; @@ -248,10 +247,9 @@ sub Sql { if ( $temp_value eq 'NULL' ) { $value = $temp_value; } else { - $value = DateTimeToSQL( $temp_value ); + $value = DateTimeToSQL($temp_value); if ( !$value ) { - Error( "Error parsing date/time '$temp_value', " - ."skipping filter '$self->{Name}'\n" ); + Error("Error parsing date/time '$temp_value', skipping filter '$self->{Name}'"); return; } $value = "to_days( '$value' )"; @@ -260,10 +258,9 @@ sub Sql { if ( $temp_value eq 'NULL' ) { $value = $temp_value; } else { - $value = DateTimeToSQL( $temp_value ); + $value = DateTimeToSQL($temp_value); if ( !$value ) { - Error( "Error parsing date/time '$temp_value', " - ."skipping filter '$self->{Name}'\n" ); + Error("Error parsing date/time '$temp_value', skipping filter '$self->{Name}'"); return; } $value = "extract( hour_second from '$value' )"; @@ -271,7 +268,7 @@ sub Sql { } else { $value = $temp_value; } - push( @value_list, $value ); + push @value_list, $value; } # end foreach temp_value } # end if has an attr if ( $term->{op} ) { @@ -290,15 +287,15 @@ sub Sql { } elsif ( $term->{op} eq 'IS NOT' ) { $self->{Sql} .= " IS NOT $value"; } elsif ( $term->{op} eq '=[]' ) { - $self->{Sql} .= " in (".join( ",", @value_list ).")"; + $self->{Sql} .= ' IN ('.join(',', @value_list).')'; } elsif ( $term->{op} eq '!~' ) { - $self->{Sql} .= " not in (".join( ",", @value_list ).")"; + $self->{Sql} .= ' NOT IN ('.join(',', @value_list).')'; } else { - $self->{Sql} .= ' '.$term->{op}." $value"; + $self->{Sql} .= ' '.$term->{op}.' '.$value; } } # end if has an operator if ( exists($term->{cbr}) ) { - $self->{Sql} .= ' '.str_repeat( ")", $term->{cbr} )." "; + $self->{Sql} .= ' '.str_repeat(')', $term->{cbr}).' '; } } # end foreach term } # end if terms @@ -320,22 +317,22 @@ sub Sql { # Don't do this, it prevents re-generation and concatenation. # If the file already exists, then the video won't be re-recreated if ( $self->{AutoVideo} ) { - push @auto_terms, "E.Videoed = 0"; + push @auto_terms, 'E.Videoed = 0'; } if ( $self->{AutoUpload} ) { - push @auto_terms, "E.Uploaded = 0"; + push @auto_terms, 'E.Uploaded = 0'; } if ( $self->{AutoEmail} ) { - push @auto_terms, "E.Emailed = 0"; + push @auto_terms, 'E.Emailed = 0'; } if ( $self->{AutoMessage} ) { - push @auto_terms, "E.Messaged = 0"; + push @auto_terms, 'E.Messaged = 0'; } if ( $self->{AutoExecute} ) { - push @auto_terms, "E.Executed = 0"; + push @auto_terms, 'E.Executed = 0'; } if ( @auto_terms ) { - $sql .= " and ( ".join( ' or ', @auto_terms )." )"; + $sql .= ' AND ( '.join(' or ', @auto_terms).' )'; } if ( !$filter_expr->{sort_field} ) { $filter_expr->{sort_field} = 'StartTime'; @@ -369,10 +366,10 @@ sub Sql { } else { $sort_column = 'E.StartTime'; } - my $sort_order = $filter_expr->{sort_asc}?'asc':'desc'; - $sql .= ' order by '.$sort_column." ".$sort_order; + my $sort_order = $filter_expr->{sort_asc} ? 'ASC' : 'DESC'; + $sql .= ' ORDER BY '.$sort_column." ".$sort_order; if ( $filter_expr->{limit} ) { - $sql .= " limit 0,".$filter_expr->{limit}; + $sql .= ' LIMIT 0,'.$filter_expr->{limit}; } $self->{Sql} = $sql; } # end if has Sql @@ -386,7 +383,7 @@ sub getDiskPercent { if ( $df =~ /\s(\d+)%/ms ) { $space = $1; } - return( $space ); + return $space; } sub getDiskBlocks { @@ -396,7 +393,7 @@ sub getDiskBlocks { if ( $df =~ /\s(\d+)\s+\d+\s+\d+%/ms ) { $space = $1; } - return( $space ); + return $space; } sub getLoad { @@ -405,9 +402,9 @@ sub getLoad { my $load = -1; if ( $uptime =~ /load average:\s+([\d.]+)/ms ) { $load = $1; - Info( "Load: $load" ); + Info("Load: $load"); } - return( $load ); + return $load; } # @@ -415,7 +412,7 @@ sub getLoad { # sub strtotime { my $dt_str = shift; - return( Date::Manip::UnixDate( $dt_str, '%s' ) ); + return Date::Manip::UnixDate($dt_str, '%s'); } # @@ -424,18 +421,18 @@ sub strtotime { sub str_repeat { my $string = shift; my $count = shift; - return( ${string}x${count} ); + return ${string}x${count}; } # Formats a date into MySQL format sub DateTimeToSQL { my $dt_str = shift; - my $dt_val = strtotime( $dt_str ); + my $dt_val = strtotime($dt_str); if ( !$dt_val ) { - Error( "Unable to parse date string '$dt_str'\n" ); - return( undef ); + Error("Unable to parse date string '$dt_str'"); + return undef; } - return( POSIX::strftime( "%Y-%m-%d %H:%M:%S", localtime( $dt_val ) ) ); + return POSIX::strftime('%Y-%m-%d %H:%M:%S', localtime($dt_val)); } 1; From 0a9ae1d4f9b35f53c1e7c52b80f3f0ccffc3c174 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 13:55:57 -0400 Subject: [PATCH 177/360] Include pixdesc.h to get av_get_pix_fmt_name(AVPixelFormat) --- src/zm_ffmpeg.cpp | 3 +++ src/zm_ffmpeg_camera.cpp | 1 + 2 files changed, 4 insertions(+) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 029492f90..139ab5838 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -21,6 +21,9 @@ #include "zm_ffmpeg.h" #include "zm_image.h" #include "zm_rgb.h" +extern "C" { +#include "libavutil/pixdesc.h" +} #if HAVE_LIBAVCODEC || HAVE_LIBAVUTIL || HAVE_LIBSWSCALE diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 9cf2d93ef..31ce90f1e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -29,6 +29,7 @@ extern "C" { #if HAVE_LIBAVUTIL_HWCONTEXT_H #include "libavutil/hwcontext.h" #endif +#include "libavutil/pixdesc.h" } #ifndef AV_ERROR_MAX_STRING_SIZE #define AV_ERROR_MAX_STRING_SIZE 64 From 1e7cf8c7cf4994a324a74352e44c6586e9c94b49 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 14:38:28 -0400 Subject: [PATCH 178/360] fix eslint, Fix video not resuming after setting speed to 0. --- web/skins/classic/views/js/montagereview.js | 164 +++++++++++--------- 1 file changed, 94 insertions(+), 70 deletions(-) diff --git a/web/skins/classic/views/js/montagereview.js b/web/skins/classic/views/js/montagereview.js index e3b07e5f3..f95268e5a 100644 --- a/web/skins/classic/views/js/montagereview.js +++ b/web/skins/classic/views/js/montagereview.js @@ -45,7 +45,7 @@ function evaluateLoadTimes() { $('fps').innerHTML="Display refresh rate is " + (1000 / currentDisplayInterval).toFixed(1) + " per second, avgFrac=" + avgFrac.toFixed(3) + "."; } // end evaluateLoadTimes() -function getFrame(monId, time, last_Frame=null) { +function getFrame(monId, time, last_Frame) { if ( last_Frame ) { if ( (last_Frame.TimeStampSecs <= time) @@ -57,7 +57,7 @@ function getFrame(monId, time, last_Frame=null) { } var events_for_monitor = events_by_monitor_id[monId]; - if ( ! events_for_monitor ) { + if ( !events_for_monitor ) { console.log("No events for monitor " + monId); return; } @@ -155,7 +155,6 @@ function getImageSource(monId, time) { frame_id = Frame.FrameId + parseInt( (NextFrame.FrameId-Frame.FrameId) * ( time-Frame.TimeStampSecs )/duration ); //console.log("Have NextFrame: duration: " + duration + " frame_id = " + frame_id + " from " + NextFrame.FrameId + ' - ' + Frame.FrameId + " time: " + (time-Frame.TimeStampSecs) ); } - } else { frame_id = Frame['Id']; console.log("No NextFrame"); @@ -234,6 +233,7 @@ function loadNoData( monId ) { console.log("No monId in loadNoData"); } } + function writeText( monId, text ) { if ( monId ) { var canvasCtx = monitorCanvasCtx[monId]; @@ -273,20 +273,26 @@ function timerFire() { if ( ( currentDisplayInterval != timerInterval ) || ( currentSpeed == 0 ) ) { // zero just turn off interrupts clearInterval(timerObj); - timerInterval=currentDisplayInterval; - if ( currentSpeed>0 || liveMode!=0 ) timerObj=setInterval(timerFire, timerInterval); // don't fire out of live mode if speed is zero + timerObj = null; + timerInterval = currentDisplayInterval; + console.log("Turn off nterrupts timerInterfave" + timerInterval); + } + + if ( (currentSpeed > 0 || liveMode != 0) && ! timerObj ) { + timerObj = setInterval(timerFire, timerInterval); // don't fire out of live mode if speed is zero } if ( liveMode ) { + console.log("liveMode"); outputUpdate(currentTimeSecs); // In live mode we basically do nothing but redisplay - } else if ( currentTimeSecs + playSecsperInterval >= maxTimeSecs ) { + } else if ( currentTimeSecs + playSecsPerInterval >= maxTimeSecs ) { // beyond the end just stop - console.log("Current time " + currentTimeSecs + " + " + playSecsperInterval + " >= " + maxTimeSecs + " so stopping"); + console.log("Current time " + currentTimeSecs + " + " + playSecsPerInterval + " >= " + maxTimeSecs + " so stopping"); setSpeed(0); outputUpdate(currentTimeSecs); } else { - //console.log("Current time " + currentTimeSecs + " + " + playSecsperInterval ); - outputUpdate(playSecsperInterval + currentTimeSecs); + //console.log("Current time " + currentTimeSecs + " + " + playSecsPerInterval); + outputUpdate(playSecsPerInterval + currentTimeSecs); } return; } @@ -308,10 +314,10 @@ function drawSliderOnGraph(val) { if ( numMonitors > 0 ) { // if we have no data to display don't do the slider itself - var sliderX = parseInt( (val - minTimeSecs) / rangeTimeSecs * cWidth - sliderWidth/2); // position left side of slider + var sliderX = parseInt((val - minTimeSecs) / rangeTimeSecs * cWidth - sliderWidth/2); // position left side of slider if ( sliderX < 0 ) sliderX = 0; - if ( sliderX+sliderWidth > cWidth ) { - sliderX=cWidth-sliderWidth-1; + if ( sliderX + sliderWidth > cWidth ) { + sliderX = cWidth-sliderWidth-1; } // If we have data already saved first restore it from LAST time @@ -337,20 +343,20 @@ function drawSliderOnGraph(val) { o.style.color = "red"; } else { o.innerHTML = secs2dbstr(val); - o.style.color="blue"; + o.style.color = "blue"; } - o.style.position="absolute"; + o.style.position = "absolute"; o.style.bottom = labbottom; o.style.font = labfont; // try to get length and then when we get too close to the right switch to the left var len = o.offsetWidth; var x; - if (sliderX > cWidth/2) { - x=sliderX - len - 10; + if ( sliderX > cWidth/2 ) { + x = sliderX - len - 10; } else { - x=sliderX + 10; + x = sliderX + 10; } - o.style.left=x.toString() + "px"; + o.style.left = x.toString() + "px"; } // This displays (or not) the left/right limits depending on how close the slider is. @@ -391,7 +397,7 @@ function drawSliderOnGraph(val) { } function drawGraph() { - var divWidth=$('timelinediv').clientWidth; + var divWidth = $('timelinediv').clientWidth; canvas.width = cWidth = divWidth; // Let it float and determine width (it should be sized a bit smaller percentage of window) cHeight = parseInt(window.innerHeight * 0.10); if ( cHeight < numMonitors * 20 ) { @@ -400,14 +406,14 @@ function drawGraph() { canvas.height = cHeight; - if ( Object.keys(events).length == 0 ) { - ctx.globalAlpha=1; - ctx.font= "40px Georgia"; - ctx.fillStyle="white"; - var t="No data found in range - choose differently"; - var l=ctx.measureText(t).width; + if ( events && ( Object.keys(events).length == 0 ) ) { + ctx.globalAlpha = 1; + ctx.font = "40px Georgia"; + ctx.fillStyle = "white"; + var t = "No data found in range - choose differently"; + var l = ctx.measureText(t).width; ctx.fillText(t, (cWidth - l)/2, cHeight-10); - underSlider=undefined; + underSlider = undefined; return; } var rowHeight = parseInt(cHeight / (numMonitors + 1) ); // Leave room for a scale of some sort @@ -441,14 +447,15 @@ function drawGraph() { } // end foreach frame } // end foreach Event - for (var i=0; i now ) { maxSecs = parseInt(now); } - maxStr="&maxTime=" + secs2inputstr(maxSecs); + maxStr = "&maxTime=" + secs2inputstr(maxSecs); $('maxTime').value = secs2inputstr(maxSecs); } if ( minSecs > 0 ) { $('minTime').value = secs2inputstr(minSecs); - minStr="&minTime=" + secs2inputstr(minSecs); + minStr = "&minTime=" + secs2inputstr(minSecs); } if ( maxSecs == 0 && minSecs == 0 ) { - minStr="&minTime=01/01/1950T12:00:00"; - maxStr="&maxTime=12/31/2035T12:00:00"; + minStr = "&minTime=01/01/1950T12:00:00"; + maxStr = "&maxTime=12/31/2035T12:00:00"; } var intervalStr="&displayinterval=" + currentDisplayInterval.toString(); if ( minSecs && maxSecs ) { if ( currentTimeSecs > minSecs && currentTimeSecs < maxSecs ) { // make sure time is in the new range - currentStr="¤t=" + secs2dbstr(currentTimeSecs); + currentStr = "¤t=" + secs2dbstr(currentTimeSecs); } } - var liveStr="&live=0"; + var liveStr = "&live=0"; if ( live == 1 ) { - liveStr="&live=1"; + liveStr = "&live=1"; } - var zoomStr=""; - for ( var i=0; i < numMonitors; i++ ) { + var zoomStr = ""; + for ( var i = 0; i < numMonitors; i++ ) { if ( monitorZoomScale[monitorPtr[i]] < 0.99 || monitorZoomScale[monitorPtr[i]] > 1.01 ) { // allow for some up/down changes and just treat as 1 of almost 1 zoomStr += "&z" + monitorPtr[i].toString() + "=" + monitorZoomScale[monitorPtr[i]].toFixed(2); } @@ -726,7 +736,7 @@ function click_panright() { clicknav(minTimeSecs, maxTimeSecs, 0); } function click_download() { - createPopup( '?view=download', 'zmDownload', 'download' ); + createPopup('?view=download', 'zmDownload', 'download'); } function click_all_events() { clicknav(0, 0, 0); @@ -745,7 +755,6 @@ function compSize(a, b) { // sort array by some size parameter - height seems t else return 1; } - function maxfit2(divW, divH) { var bestFitX=[]; // how we arranged the so-far best match var bestFitX2=[]; @@ -777,7 +786,7 @@ function maxfit2(divW, divH) { function doesItFit(x, y, w, h, d) { // does block (w,h) fit at position (x,y) relative to edge and other nodes already done (0..d) if (x+w>=divW) return 0; if (y+h>=divH) return 0; - for (var i=0; i<=d; i++) { + for ( var i=0; i <= d; i++ ) { if ( !( thisX[i]>x+w-1 || thisX2[i] < x || thisY[i] > y+h-1 || thisY2[i] < y ) ) return 0; } return 1; // it's OK @@ -862,7 +871,7 @@ function showOneMonitor(monId) { url = '?view=watch&mid=' + monId.toString(); createPopup(url, 'zmWatch', 'watch', monitorWidth[monId], monitorHeight[monId]); } else { - var Frame = getFrame( monId, currentTimeSecs ); + var Frame = getFrame(monId, currentTimeSecs); if ( Frame ) { url = '?view=event&eid=' + Frame.EventId + '&fid=' + Frame.FrameId; createPopup(url, 'zmEvent', 'event', monitorWidth[monId], monitorHeight[monId]); @@ -941,23 +950,24 @@ function initPage() { for ( var i = 0, len = monitorPtr.length; i < len; i += 1 ) { var monId = monitorPtr[i]; - if ( ! monId ) continue; - monitorCanvasObj[monId] = $('Monitor'+monId ); - if ( ! monitorCanvasObj[monId] ) { - alert("Couldn't find DOM element for Monitor"+monId + "monitorPtr.length="+len); + if ( !monId ) continue; + monitorCanvasObj[monId] = $('Monitor'+monId); + if ( !monitorCanvasObj[monId] ) { + alert("Couldn't find DOM element for Monitor" + monId + "monitorPtr.length=" + len); } else { monitorCanvasCtx[monId] = monitorCanvasObj[monId].getContext('2d'); var imageObject = monitorImageObject[monId] = new Image(); imageObject.monId = monId; imageObject.onload = function() { - imagedone(this, this.monId, true ); + imagedone(this, this.monId, true); }; imageObject.onerror = function() { - imagedone(this, this.monId, false ); + imagedone(this, this.monId, false); }; - loadImage2Monitor( monId, monitorImageURL[monId] ); + loadImage2Monitor(monId, monitorImageURL[monId]); } - } + } // end foreach monitor + if ( !liveMode ) { canvas = $("timeline"); @@ -1006,15 +1016,29 @@ function initPage() { } } }); - $j('#scaleslider').bind('change', function() { setScale(this.value); }); - $j('#scaleslider').bind('input', function() { showScale(this.value); }); - $j('#speedslider').bind('change', function() { setSpeed(this.value); }); - $j('#speedslider').bind('input', function() { showSpeed(this.value); }); + $j('#scaleslider').bind('change', function() { + setScale(this.value); + }); + $j('#scaleslider').bind('input', function() { + showScale(this.value); + }); + $j('#speedslider').bind('change', function() { + setSpeed(this.value); + }); + $j('#speedslider').bind('input', function() { + showSpeed(this.value); + }); - $j('#liveButton').bind('click', function() { setLive(1-liveMode); }); - $j('#fit').bind('click', function() { setFit(1-fitMode); }); - $j('#archive_status').bind('change', function() { console.log('submitting'); this.form.submit(); }); + $j('#liveButton').bind('click', function() { + setLive(1-liveMode); + }); + $j('#fit').bind('click', function() { + setFit(1-fitMode); + }); + $j('#archive_status').bind('change', function() { + this.form.submit(); + }); } window.addEventListener("resize", redrawScreen, {passive: true}); // Kick everything off -window.addEventListener( 'DOMContentLoaded', initPage ); +window.addEventListener('DOMContentLoaded', initPage); From ec7b373913f99b8eafad98dce303d04032cc437b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 11 Jun 2019 14:38:51 -0400 Subject: [PATCH 179/360] fix structure of events_by_monitor_id --- web/skins/classic/views/js/montagereview.js.php | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/js/montagereview.js.php b/web/skins/classic/views/js/montagereview.js.php index 4f7cad02a..4fc8ef511 100644 --- a/web/skins/classic/views/js/montagereview.js.php +++ b/web/skins/classic/views/js/montagereview.js.php @@ -46,7 +46,7 @@ if ( !$liveMode ) { $EventsById = array(); - while( $event = $result->fetch(PDO::FETCH_ASSOC) ) { + while ( $event = $result->fetch(PDO::FETCH_ASSOC) ) { $event_id = $event['Id']; $EventsById[$event_id] = $event; } @@ -99,14 +99,9 @@ if ( !$liveMode ) { array_push($events_by_monitor_id[$event['MonitorId']], $event_id); } # end foreach Event - echo " }; - var events_by_monitor_id = { - \n"; + echo ' }; - foreach ( $events_by_monitor_id as $monitor_id=>$event_ids ) { - echo "$monitor_id : ".json_encode($event_ids, JSON_NUMERIC_CHECK) . "\n"; - } - echo " };\n"; + var events_by_monitor_id = '.json_encode($events_by_monitor_id, JSON_NUMERIC_CHECK)."\n"; // if there is no data set the min/max to the passed in values if ( $index == 0 ) { From 30a210f68f18d98f894fdb511492abe972cb4487 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 12 Jun 2019 10:05:08 -0400 Subject: [PATCH 180/360] also need to adjust dts of last packet when switching events --- src/zm_ffmpeg_camera.cpp | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 093648946..201c0ff0e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -776,10 +776,19 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event // Also don't know how much it matters for audio. if ( packet.stream_index == mVideoStreamId ) { //Write the packet to our video store - int ret = videoStore->writeVideoFramePacket(&packet); + AVPacket out_packet; + av_init_packet(&out_packet); + if ( zm_av_packet_ref(&out_packet, &packet) < 0 ) { + Error("error refing packet"); + } + out_packet.pts = av_rescale_q(out_packet.pts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.dts = av_rescale_q(out_packet.dts, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + out_packet.duration = av_rescale_q(out_packet.duration, mFormatContext->streams[packet.stream_index]->time_base, AV_TIME_BASE_Q); + int ret = videoStore->writeVideoFramePacket(&out_packet); if ( ret < 0 ) { //Less than zero and we skipped a frame Warning("Error writing last packet to videostore."); } + zm_av_packet_unref(&out_packet); } // end if video delete videoStore; From 9a33e55efc3384421d4fd407762941b1275f115a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 13 Jun 2019 11:53:26 -0400 Subject: [PATCH 181/360] Bump log level to warning if we are restarting any daemons. Daemons should NOT need to be restarted in a healthy system. --- scripts/zmwatch.pl.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/zmwatch.pl.in b/scripts/zmwatch.pl.in index e48b8d9d3..30d500ee7 100644 --- a/scripts/zmwatch.pl.in +++ b/scripts/zmwatch.pl.in @@ -104,7 +104,7 @@ while( 1 ) { if ( !$capture_time ) { my $startup_time = zmGetStartupTime($monitor); if ( ( $now - $startup_time ) > $Config{ZM_WATCH_MAX_DELAY} ) { - Info( + Warning( "Restarting capture daemon for $$monitor{Name}, no image since startup. ". "Startup time was $startup_time - now $now > $Config{ZM_WATCH_MAX_DELAY}" ); @@ -126,7 +126,7 @@ while( 1 ) { my $image_delay = $now-$capture_time; Debug("Monitor $monitor->{Id} last captured $image_delay seconds ago, max is $max_image_delay"); if ( $image_delay > $max_image_delay ) { - Info("Restarting capture daemon for " + Warning("Restarting capture daemon for " .$monitor->{Name}.", time since last capture $image_delay seconds ($now-$capture_time)" ); $restart = 1; @@ -173,7 +173,7 @@ while( 1 ) { my $image_delay = $now-$image_time; Debug("Monitor $monitor->{Id} last analysed $image_delay seconds ago, max is $max_image_delay"); if ( $image_delay > $max_image_delay ) { - Info("Analysis daemon for $$monitor{Id} $$monitor{Name} needs restarting," + Warning("Analysis daemon for $$monitor{Id} $$monitor{Name} needs restarting," ." time since last analysis $image_delay seconds ($now-$image_time)" ); $restart = 1; From b0735051468e8350df5abbf82fcd826296a94b8c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 13 Jun 2019 15:47:58 -0400 Subject: [PATCH 182/360] If either pts or dts is AV_NOPTS_VALUE then set equal to the other --- src/zm_ffmpeg_camera.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 201c0ff0e..edf338f6e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -758,6 +758,11 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event int keyframe = packet.flags & AV_PKT_FLAG_KEY; bytes += packet.size; dumpPacket(mFormatContext->streams[packet.stream_index], &packet, "Captured Packet"); + if ( packet.dts == AV_NOPTS_VALUE ) { + packet.dts = packet.pts; + } else if ( packet.pts == AV_NOPTS_VALUE ) { + packet.pts = packet.dts; + } // Video recording if ( recording.tv_sec ) { @@ -967,7 +972,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ret = avcodec_receive_frame(mVideoCodecContext, mRawFrame); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Warning("Unable to receive frame %d: %s, continuing", frameCount, errbuf); + Warning("Unable to receive frame %d: %s, continuing. error count is %s", + frameCount, errbuf, error_count); error_count += 1; if ( error_count > 100 ) { Error("Error count over 100, going to close and re-open stream"); From 695bdfc1c682c64ef3de07301682b181ec64bb5b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 13 Jun 2019 15:48:41 -0400 Subject: [PATCH 183/360] big ::Analyze logic cleanup. Also implement close continuous event before starting motion event in MOCORD --- src/zm_monitor.cpp | 115 ++++++++++++++------------------------------- 1 file changed, 36 insertions(+), 79 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index a33ed81e3..b907f2395 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1378,6 +1378,7 @@ bool Monitor::Analyse() { if ( trigger_data->trigger_state == TRIGGER_ON ) { score += trigger_data->trigger_score; if ( !event ) { + // How could it have a length already? if ( cause.length() ) cause += ", "; cause += trigger_data->trigger_cause; @@ -1405,40 +1406,41 @@ bool Monitor::Analyse() { cause += SIGNAL_CAUSE; } Event::StringSet noteSet; - noteSet.insert( signalText ); + noteSet.insert(signalText); noteSetMap[SIGNAL_CAUSE] = noteSet; shared_data->state = state = IDLE; shared_data->active = signal; ref_image = *snap_image; - } else if ( signal && Active() && (function == MODECT || function == MOCORD) ) { - Event::StringSet zoneSet; - if ( (!motion_frame_skip) || !(image_count % (motion_frame_skip+1) ) ) { - // Get new score. - int new_motion_score = DetectMotion(*snap_image, zoneSet); + } else if ( signal ) { + if ( Active() && (function == MODECT || function == MOCORD) ) { + // All is good, so add motion detection score. + Event::StringSet zoneSet; + if ( (!motion_frame_skip) || !(image_count % (motion_frame_skip+1) ) ) { + // Get new score. + int new_motion_score = DetectMotion(*snap_image, zoneSet); - Debug(3, - "After motion detection, last_motion_score(%d), new motion score(%d)", - last_motion_score, new_motion_score - ); - last_motion_score = new_motion_score; - } - if ( last_motion_score ) { - if ( !event ) { - score += last_motion_score; - if ( cause.length() ) - cause += ", "; - cause += MOTION_CAUSE; - } else { - score += last_motion_score; + Debug(3, + "After motion detection, last_motion_score(%d), new motion score(%d)", + last_motion_score, new_motion_score + ); + last_motion_score = new_motion_score; } - noteSetMap[MOTION_CAUSE] = zoneSet; - } // end if motion_score - shared_data->active = signal; - } // end if signal change + if ( last_motion_score ) { + score += last_motion_score; + if ( !event ) { + if ( cause.length() ) + cause += ", "; + cause += MOTION_CAUSE; + } + noteSetMap[MOTION_CAUSE] = zoneSet; + } // end if motion_score + //shared_data->active = signal; // unneccessary active gets set on signal change + } // end if active and doing motion detection - if ( (!signal_change) && signal) { + // Check to see if linked monitors are triggering. if ( n_linked_monitors > 0 ) { + // FIXME improve logic here bool first_link = true; Event::StringSet noteSet; for ( int i = 0; i < n_linked_monitors; i++ ) { @@ -1499,62 +1501,20 @@ bool Monitor::Analyse() { shared_data->state = state = TAPE; } - //if ( config.overlap_timed_events ) - if ( false ) { - int pre_index; - int pre_event_images = pre_event_count; - - if ( analysis_fps ) { - // If analysis fps is set, - // compute the index for pre event images in the dedicated buffer - pre_index = pre_event_buffer_count ? image_count%pre_event_buffer_count : 0; - - // Seek forward the next filled slot in to the buffer (oldest data) - // from the current position - while ( pre_event_images && !pre_event_buffer[pre_index].timestamp->tv_sec ) { - pre_index = (pre_index + 1)%pre_event_buffer_count; - // Slot is empty, removing image from counter - pre_event_images--; - } - } else { - // If analysis fps is not set (analysis performed at capturing framerate), - // compute the index for pre event images in the capturing buffer - pre_index = ((index + image_buffer_count) - pre_event_count)%image_buffer_count; - - // Seek forward the next filled slot in to the buffer (oldest data) - // from the current position - while ( pre_event_images && !image_buffer[pre_index].timestamp->tv_sec ) { - pre_index = (pre_index + 1)%image_buffer_count; - // Slot is empty, removing image from counter - pre_event_images--; - } - } - - if ( pre_event_images ) { - if ( analysis_fps ) { - for ( int i = 0; i < pre_event_images; i++ ) { - timestamps[i] = pre_event_buffer[pre_index].timestamp; - images[i] = pre_event_buffer[pre_index].image; - pre_index = (pre_index + 1)%pre_event_buffer_count; - } - } else { - for ( int i = 0; i < pre_event_images; i++ ) { - timestamps[i] = image_buffer[pre_index].timestamp; - images[i] = image_buffer[pre_index].image; - pre_index = (pre_index + 1)%image_buffer_count; - } - } - - event->AddFrames( pre_event_images, images, timestamps ); - } - } // end if false or config.overlap_timed_events } // end if ! event } // end if function == RECORD || function == MOCORD) } // end if !signal_change && signal if ( score ) { if ( state == IDLE || state == TAPE || state == PREALARM ) { + // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { + // If we should end then previous continuous event and start a new non-continuous event + if ( event && event->Frames() && !event->AlarmFrames() ) { + Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", + name, image_count, event->Id()); + closeEvent(); + } shared_data->state = state = ALARM; // lets construct alarm cause. It will contain cause + names of zones alarmed std::string alarm_cause = ""; @@ -1568,14 +1528,11 @@ bool Monitor::Analyse() { strncpy(shared_data->alarm_cause,alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); Info("%s: %03d - Gone into alarm state PreAlarmCount: %u > AlarmFrameCount:%u Cause:%s", name, image_count, Event::PreAlarmCount(), alarm_frame_count, shared_data->alarm_cause); - if ( signal_change || (function != MOCORD && state != ALERT) ) { + + if ( !event ) { int pre_index; int pre_event_images = pre_event_count; - if ( event ) { - // Shouldn't be able to happen because - Error("Creating new event when one exists"); - } if ( analysis_fps && pre_event_count ) { // If analysis fps is set, // compute the index for pre event images in the dedicated buffer From c4dc5f34e4a081bf667dfe97a5e8ef1efe737431 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 16 Jun 2019 11:59:23 -0400 Subject: [PATCH 184/360] add event file system path to API (#2639) --- web/api/app/Controller/EventsController.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/api/app/Controller/EventsController.php b/web/api/app/Controller/EventsController.php index 2f6cfd494..2eb5f7280 100644 --- a/web/api/app/Controller/EventsController.php +++ b/web/api/app/Controller/EventsController.php @@ -35,6 +35,7 @@ class EventsController extends AppController { $this->Event->recursive = -1; global $user; + require_once __DIR__ .'/../../../includes/Event.php'; $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null; if ( $allowedMonitors ) { @@ -87,9 +88,13 @@ class EventsController extends AppController { $events = $this->Paginator->paginate('Event'); // For each event, get the frameID which has the largest score + // also add FS path + foreach ( $events as $key => $value ) { + $EventObj = new ZM\Event($value['Event']['Id']); $maxScoreFrameId = $this->getMaxScoreAlarmFrameId($value['Event']['Id']); $events[$key]['Event']['MaxScoreFrameId'] = $maxScoreFrameId; + $events[$key]['Event']['FileSystemPath'] = $EventObj->Path(); } $this->set(compact('events')); @@ -131,6 +136,9 @@ class EventsController extends AppController { $event['Event']['fileExists'] = $this->Event->fileExists($event['Event']); $event['Event']['fileSize'] = $this->Event->fileSize($event['Event']); + $EventObj = new ZM\Event($id); + $event['Event']['FileSystemPath'] = $EventObj->Path(); + # Also get the previous and next events for the same monitor $event_monitor_neighbors = $this->Event->find('neighbors', array( 'conditions'=>array('Event.MonitorId'=>$event['Event']['MonitorId']) From 98bf7800b0d9bc66dee872c7d2c727fa922b319e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 16 Jun 2019 11:59:48 -0400 Subject: [PATCH 185/360] remove a password log, corrected PHP version in log (#2627) * remove a password log, corrected PHP version in log * PHP version correction --- web/includes/actions/user.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index 988b40be1..a786f78d7 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -32,7 +32,7 @@ if ( $action == 'user' ) { $pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"'; } else { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; - ZM\Info('Cannot use bcrypt as you are using PHP < 5.5'); + ZM\Info('Cannot use bcrypt as you are using PHP < 5.3'); } if ( $_REQUEST['newUser']['Password'] ) { @@ -70,7 +70,6 @@ if ( $action == 'user' ) { } if ( !empty($_REQUEST['newUser']['Password']) ) { - ZM\Info('PASS CMD='.$changes['Password']); $changes['Password'] = 'Password = '.$pass_hash; } From 1336c03f97aa776362863830edefbf2e506a7477 Mon Sep 17 00:00:00 2001 From: Tom Hodder Date: Sun, 16 Jun 2019 17:02:00 +0100 Subject: [PATCH 186/360] WIP: Add pagination to frames.php in classic (#2618) * add pagination to the frames.php results * remove commented code, fix view all paging * removing debugging logging statements * default frames paging to on --- web/includes/functions.php | 20 ++++- web/skins/classic/views/frames.php | 123 +++++++++++++++++++++++++++-- 2 files changed, 134 insertions(+), 9 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 29293afde..e1016bb82 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1077,13 +1077,28 @@ function parseSort( $saveToSession=false, $querySep='&' ) { case 'MaxScore' : $sortColumn = 'E.MaxScore'; break; + case 'FramesFrameId' : + $sortColumn = 'F.FrameId'; + break; + case 'FramesType' : + $sortColumn = 'F.Type'; + break; + case 'FramesTimeStamp' : + $sortColumn = 'F.TimeStamp'; + break; + case 'FramesDelta' : + $sortColumn = 'F.Delta'; + break; + case 'FramesScore' : + $sortColumn = 'F.Score'; + break; default: $sortColumn = 'E.StartTime'; break; } - $sortOrder = $_REQUEST['sort_asc']?'asc':'desc'; if ( !$_REQUEST['sort_asc'] ) $_REQUEST['sort_asc'] = 0; + $sortOrder = $_REQUEST['sort_asc']?'asc':'desc'; $sortQuery = $querySep.'sort_field='.validHtmlStr($_REQUEST['sort_field']).$querySep.'sort_asc='.validHtmlStr($_REQUEST['sort_asc']); if ( !isset($_REQUEST['limit']) ) $_REQUEST['limit'] = ''; @@ -1168,6 +1183,9 @@ function parseFilter(&$filter, $saveToSession=false, $querySep='&') { case 'StartDateTime': $filter['sql'] .= 'E.StartTime'; break; + case 'FramesEventId': + $filter['sql'] .= 'F.EventId'; + break; case 'StartDate': $filter['sql'] .= 'to_days( E.StartTime )'; break; diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 17ed9c2f2..9a877ae3b 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -22,8 +22,44 @@ if ( !canView('Events') ) { $view = 'error'; return; } + require_once('includes/Frame.php'); -$Event = new ZM\Event($_REQUEST['eid']); + +$countSql = 'SELECT COUNT(*) AS FrameCount FROM Frames AS F WHERE 1 '; +$frameSql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames AS F WHERE 1 '; + +$eid = $_REQUEST['eid']; + +// override the sort_field handling in parseSort for frames +if ( empty($_REQUEST['sort_field']) ) + $_REQUEST['sort_field'] = 'FramesTimeStamp'; + +if ( !isset($_REQUEST['sort_asc']) ) + $_REQUEST['sort_asc'] = true; + +if( ! isset($_REQUEST['filter'])){ + // generate a dummy filter from the eid for pagination + $_REQUEST['filter'] = array('Query' => array( 'terms' => array( ) ) ); + $_REQUEST['filter'] = addFilterTerm( + $_REQUEST['filter'], + 0, + array( 'cnj' => 'and', 'attr' => 'FramesEventId', 'op' => '=', 'val' => $eid ) + ); +} + +parseSort(); +parseFilter($_REQUEST['filter']); +$filterQuery = $_REQUEST['filter']['query']; + + +if ( $_REQUEST['filter']['sql'] ) { + $countSql .= $_REQUEST['filter']['sql']; + $frameSql .= $_REQUEST['filter']['sql']; +} + +$frameSql .= " ORDER BY $sortColumn $sortOrder,Id $sortOrder"; + +$Event = new ZM\Event($eid); $Monitor = $Event->Monitor(); if ( isset( $_REQUEST['scale'] ) ) { @@ -35,8 +71,40 @@ if ( isset( $_REQUEST['scale'] ) ) { } else { $scale = max(reScale(SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE), SCALE_BASE); } -$sql = 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; -$frames = dbFetchAll($sql, NULL, array($_REQUEST['eid'])); + +$page = isset($_REQUEST['page']) ? validInt($_REQUEST['page']) : 1; +$limit = isset($_REQUEST['limit']) ? validInt($_REQUEST['limit']) : 0; + +$nEvents = dbFetchOne($countSql, 'FrameCount' ); + +if ( !empty($limit) && $nEvents > $limit ) { + $nEvents = $limit; +} + +$pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE); + +if ( !empty($page) ) { + if ( $page < 0 ) + $page = 1; + else if ( $pages and ( $page > $pages ) ) + $page = $pages; + + $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE); + if ( empty( $limit ) ) { + $limitAmount = ZM_WEB_EVENTS_PER_PAGE; + } else { + $limitLeft = $limit - $limitStart; + $limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft; + } + $frameSql .= " limit $limitStart, $limitAmount"; +} elseif ( !empty($limit) ) { + $frameSql .= ' limit 0, '.$limit; +} + +$maxShortcuts = 5; +$pagination = getPagination($pages, $page, $maxShortcuts, $sortQuery.'&eid='.$eid.$limitQuery.$filterQuery); + +$frames = dbFetchAll( $frameSql ); $focusWindow = true; @@ -47,18 +115,48 @@ xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id());
+ + + + + + + + - - - - - + + + + + @@ -122,6 +220,15 @@ if ( count($frames) ) { ?>
+ + +

+ +
From dc7707bbc19d2f7d37dff9dc99896968c6a44169 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 Jun 2019 10:03:14 -0400 Subject: [PATCH 187/360] fix an oninput and use validHtmlStr on ServerNames storageName MonitorName etc in dropdowns --- web/skins/classic/views/filter.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index da965b4e9..1eb4b71c3 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -137,19 +137,19 @@ for ( $i = 0; $i < 7; $i++ ) { $weekdays[$i] = strftime('%A', mktime(12, 0, 0, 1, $i+1, 2001)); } $states = array(); -foreach ( dbFetchAll('SELECT Id,Name FROM States ORDER BY lower(Name) ASC') as $state_row ) { - $states[$state_row['Id']] = $state_row['Name']; +foreach ( dbFetchAll('SELECT Id, Name FROM States ORDER BY lower(Name) ASC') as $state_row ) { + $states[$state_row['Id']] = validHtmlStr($state_row['Name']); } $servers = array(); $servers['ZM_SERVER_ID'] = 'Current Server'; $servers['NULL'] = 'No Server'; -foreach ( dbFetchAll('SELECT Id,Name FROM Servers ORDER BY lower(Name) ASC') as $server ) { - $servers[$server['Id']] = $server['Name']; +foreach ( dbFetchAll('SELECT Id, Name FROM Servers ORDER BY lower(Name) ASC') as $server ) { + $servers[$server['Id']] = validHtmlStr($server['Name']); } $monitors = array(); -foreach ( dbFetchAll('SELECT Id,Name FROM Monitors ORDER BY Name ASC') as $monitor ) { +foreach ( dbFetchAll('SELECT Id, Name FROM Monitors ORDER BY Name ASC') as $monitor ) { if ( visibleMonitor($monitor['Id']) ) { - $monitors[$monitor['Name']] = $monitor['Name']; + $monitors[$monitor['Name']] = validHtmlStr($monitor['Name']); } } @@ -188,7 +188,7 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )

- +

@@ -247,7 +247,7 @@ for ( $i=0; $i < count($terms); $i++ ) { - +
From 33951ae584e459ecc8854504c6c0bb0d9fe3cc7e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 08:36:37 -0400 Subject: [PATCH 188/360] Print out an error when a monitor is in MONITOR mode because we can't handle alarms. Allow signals to terminate zmu by checking zm_terminate. --- src/zmu.cpp | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/zmu.cpp b/src/zmu.cpp index 07f9ae8aa..bd70f8337 100644 --- a/src/zmu.cpp +++ b/src/zmu.cpp @@ -571,14 +571,18 @@ int main(int argc, char *argv[]) { monitor->DumpZoneImage(zoneString); } if ( function & ZMU_ALARM ) { - if ( verbose ) - printf("Forcing alarm on\n"); - monitor->ForceAlarmOn(config.forced_alarm_score, "Forced Web"); - while ( monitor->GetState() != Monitor::ALARM ) { - // Wait for monitor to notice. - usleep(1000); - } - printf("Alarmed event id: %" PRIu64 "\n", monitor->GetLastEventId()); + if ( monitor->GetFunction() == Monitor::Function::MONITOR ) { + printf("A Monitor in monitor mode cannot handle alarms. Please use NoDect\n"); + } else { + if ( verbose ) + printf("Forcing alarm on\n"); + monitor->ForceAlarmOn(config.forced_alarm_score, "Forced Web"); + while ( (monitor->GetState() != Monitor::ALARM) && !zm_terminate ) { + // Wait for monitor to notice. + usleep(1000); + } + printf("Alarmed event id: %" PRIu64 "\n", monitor->GetLastEventId()); + } // end if ! MONITOR } if ( function & ZMU_NOALARM ) { if ( verbose ) From 2d5f84cd22a30a7c813b9aae37f6a74520448877 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 16 Jun 2019 11:59:23 -0400 Subject: [PATCH 189/360] add event file system path to API (#2639) --- web/api/app/Controller/EventsController.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/api/app/Controller/EventsController.php b/web/api/app/Controller/EventsController.php index 2f6cfd494..2eb5f7280 100644 --- a/web/api/app/Controller/EventsController.php +++ b/web/api/app/Controller/EventsController.php @@ -35,6 +35,7 @@ class EventsController extends AppController { $this->Event->recursive = -1; global $user; + require_once __DIR__ .'/../../../includes/Event.php'; $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null; if ( $allowedMonitors ) { @@ -87,9 +88,13 @@ class EventsController extends AppController { $events = $this->Paginator->paginate('Event'); // For each event, get the frameID which has the largest score + // also add FS path + foreach ( $events as $key => $value ) { + $EventObj = new ZM\Event($value['Event']['Id']); $maxScoreFrameId = $this->getMaxScoreAlarmFrameId($value['Event']['Id']); $events[$key]['Event']['MaxScoreFrameId'] = $maxScoreFrameId; + $events[$key]['Event']['FileSystemPath'] = $EventObj->Path(); } $this->set(compact('events')); @@ -131,6 +136,9 @@ class EventsController extends AppController { $event['Event']['fileExists'] = $this->Event->fileExists($event['Event']); $event['Event']['fileSize'] = $this->Event->fileSize($event['Event']); + $EventObj = new ZM\Event($id); + $event['Event']['FileSystemPath'] = $EventObj->Path(); + # Also get the previous and next events for the same monitor $event_monitor_neighbors = $this->Event->find('neighbors', array( 'conditions'=>array('Event.MonitorId'=>$event['Event']['MonitorId']) From a6e42e43176d18e8332218c305dde8bde0a5231d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 16 Jun 2019 11:59:48 -0400 Subject: [PATCH 190/360] remove a password log, corrected PHP version in log (#2627) * remove a password log, corrected PHP version in log * PHP version correction --- web/includes/actions/user.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/web/includes/actions/user.php b/web/includes/actions/user.php index 988b40be1..a786f78d7 100644 --- a/web/includes/actions/user.php +++ b/web/includes/actions/user.php @@ -32,7 +32,7 @@ if ( $action == 'user' ) { $pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"'; } else { $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; - ZM\Info('Cannot use bcrypt as you are using PHP < 5.5'); + ZM\Info('Cannot use bcrypt as you are using PHP < 5.3'); } if ( $_REQUEST['newUser']['Password'] ) { @@ -70,7 +70,6 @@ if ( $action == 'user' ) { } if ( !empty($_REQUEST['newUser']['Password']) ) { - ZM\Info('PASS CMD='.$changes['Password']); $changes['Password'] = 'Password = '.$pass_hash; } From 70a91c7069654be0fef22a514eaabc5e7df8a98f Mon Sep 17 00:00:00 2001 From: Tom Hodder Date: Sun, 16 Jun 2019 17:02:00 +0100 Subject: [PATCH 191/360] WIP: Add pagination to frames.php in classic (#2618) * add pagination to the frames.php results * remove commented code, fix view all paging * removing debugging logging statements * default frames paging to on --- web/includes/functions.php | 20 ++++- web/skins/classic/views/frames.php | 123 +++++++++++++++++++++++++++-- 2 files changed, 134 insertions(+), 9 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 29293afde..e1016bb82 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1077,13 +1077,28 @@ function parseSort( $saveToSession=false, $querySep='&' ) { case 'MaxScore' : $sortColumn = 'E.MaxScore'; break; + case 'FramesFrameId' : + $sortColumn = 'F.FrameId'; + break; + case 'FramesType' : + $sortColumn = 'F.Type'; + break; + case 'FramesTimeStamp' : + $sortColumn = 'F.TimeStamp'; + break; + case 'FramesDelta' : + $sortColumn = 'F.Delta'; + break; + case 'FramesScore' : + $sortColumn = 'F.Score'; + break; default: $sortColumn = 'E.StartTime'; break; } - $sortOrder = $_REQUEST['sort_asc']?'asc':'desc'; if ( !$_REQUEST['sort_asc'] ) $_REQUEST['sort_asc'] = 0; + $sortOrder = $_REQUEST['sort_asc']?'asc':'desc'; $sortQuery = $querySep.'sort_field='.validHtmlStr($_REQUEST['sort_field']).$querySep.'sort_asc='.validHtmlStr($_REQUEST['sort_asc']); if ( !isset($_REQUEST['limit']) ) $_REQUEST['limit'] = ''; @@ -1168,6 +1183,9 @@ function parseFilter(&$filter, $saveToSession=false, $querySep='&') { case 'StartDateTime': $filter['sql'] .= 'E.StartTime'; break; + case 'FramesEventId': + $filter['sql'] .= 'F.EventId'; + break; case 'StartDate': $filter['sql'] .= 'to_days( E.StartTime )'; break; diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 17ed9c2f2..9a877ae3b 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -22,8 +22,44 @@ if ( !canView('Events') ) { $view = 'error'; return; } + require_once('includes/Frame.php'); -$Event = new ZM\Event($_REQUEST['eid']); + +$countSql = 'SELECT COUNT(*) AS FrameCount FROM Frames AS F WHERE 1 '; +$frameSql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames AS F WHERE 1 '; + +$eid = $_REQUEST['eid']; + +// override the sort_field handling in parseSort for frames +if ( empty($_REQUEST['sort_field']) ) + $_REQUEST['sort_field'] = 'FramesTimeStamp'; + +if ( !isset($_REQUEST['sort_asc']) ) + $_REQUEST['sort_asc'] = true; + +if( ! isset($_REQUEST['filter'])){ + // generate a dummy filter from the eid for pagination + $_REQUEST['filter'] = array('Query' => array( 'terms' => array( ) ) ); + $_REQUEST['filter'] = addFilterTerm( + $_REQUEST['filter'], + 0, + array( 'cnj' => 'and', 'attr' => 'FramesEventId', 'op' => '=', 'val' => $eid ) + ); +} + +parseSort(); +parseFilter($_REQUEST['filter']); +$filterQuery = $_REQUEST['filter']['query']; + + +if ( $_REQUEST['filter']['sql'] ) { + $countSql .= $_REQUEST['filter']['sql']; + $frameSql .= $_REQUEST['filter']['sql']; +} + +$frameSql .= " ORDER BY $sortColumn $sortOrder,Id $sortOrder"; + +$Event = new ZM\Event($eid); $Monitor = $Event->Monitor(); if ( isset( $_REQUEST['scale'] ) ) { @@ -35,8 +71,40 @@ if ( isset( $_REQUEST['scale'] ) ) { } else { $scale = max(reScale(SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE), SCALE_BASE); } -$sql = 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; -$frames = dbFetchAll($sql, NULL, array($_REQUEST['eid'])); + +$page = isset($_REQUEST['page']) ? validInt($_REQUEST['page']) : 1; +$limit = isset($_REQUEST['limit']) ? validInt($_REQUEST['limit']) : 0; + +$nEvents = dbFetchOne($countSql, 'FrameCount' ); + +if ( !empty($limit) && $nEvents > $limit ) { + $nEvents = $limit; +} + +$pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE); + +if ( !empty($page) ) { + if ( $page < 0 ) + $page = 1; + else if ( $pages and ( $page > $pages ) ) + $page = $pages; + + $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE); + if ( empty( $limit ) ) { + $limitAmount = ZM_WEB_EVENTS_PER_PAGE; + } else { + $limitLeft = $limit - $limitStart; + $limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft; + } + $frameSql .= " limit $limitStart, $limitAmount"; +} elseif ( !empty($limit) ) { + $frameSql .= ' limit 0, '.$limit; +} + +$maxShortcuts = 5; +$pagination = getPagination($pages, $page, $maxShortcuts, $sortQuery.'&eid='.$eid.$limitQuery.$filterQuery); + +$frames = dbFetchAll( $frameSql ); $focusWindow = true; @@ -47,18 +115,48 @@ xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id());
+ + + + + + + + - - - - - + + + + + @@ -122,6 +220,15 @@ if ( count($frames) ) { ?>
+ + +

+ +
From 77eb15ff174293e388ec73aa681a6bf9b305e479 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 Jun 2019 10:03:14 -0400 Subject: [PATCH 192/360] fix an oninput and use validHtmlStr on ServerNames storageName MonitorName etc in dropdowns --- web/skins/classic/views/filter.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index da965b4e9..1eb4b71c3 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -137,19 +137,19 @@ for ( $i = 0; $i < 7; $i++ ) { $weekdays[$i] = strftime('%A', mktime(12, 0, 0, 1, $i+1, 2001)); } $states = array(); -foreach ( dbFetchAll('SELECT Id,Name FROM States ORDER BY lower(Name) ASC') as $state_row ) { - $states[$state_row['Id']] = $state_row['Name']; +foreach ( dbFetchAll('SELECT Id, Name FROM States ORDER BY lower(Name) ASC') as $state_row ) { + $states[$state_row['Id']] = validHtmlStr($state_row['Name']); } $servers = array(); $servers['ZM_SERVER_ID'] = 'Current Server'; $servers['NULL'] = 'No Server'; -foreach ( dbFetchAll('SELECT Id,Name FROM Servers ORDER BY lower(Name) ASC') as $server ) { - $servers[$server['Id']] = $server['Name']; +foreach ( dbFetchAll('SELECT Id, Name FROM Servers ORDER BY lower(Name) ASC') as $server ) { + $servers[$server['Id']] = validHtmlStr($server['Name']); } $monitors = array(); -foreach ( dbFetchAll('SELECT Id,Name FROM Monitors ORDER BY Name ASC') as $monitor ) { +foreach ( dbFetchAll('SELECT Id, Name FROM Monitors ORDER BY Name ASC') as $monitor ) { if ( visibleMonitor($monitor['Id']) ) { - $monitors[$monitor['Name']] = $monitor['Name']; + $monitors[$monitor['Name']] = validHtmlStr($monitor['Name']); } } @@ -188,7 +188,7 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )

- +

@@ -247,7 +247,7 @@ for ( $i=0; $i < count($terms); $i++ ) { - + + + + + +Type() == 'Ffmpeg' ) { +?> + + + + + + + + Type() != 'NVSocket' && $monitor->Type() != 'WebSite' ) { From 0103df9781fdfc99b2a804f9c16c343e146cf698 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:35:09 -0400 Subject: [PATCH 238/360] bump verison --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index b47971c3e..ca7a1ec9c 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.10 +1.33.11 From 679b6b1b2db742b3dfb878a98dd4112c914d05a7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:47:23 -0400 Subject: [PATCH 239/360] remove old qsv code --- src/zm_ffmpeg_camera.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index fe0211a2e..cd359a64c 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -28,7 +28,6 @@ extern "C" { #include "libavutil/time.h" #if HAVE_LIBAVUTIL_HWCONTEXT_H #include "libavutil/hwcontext.h" - #include "libavutil/hwcontext_qsv.h" #endif } #ifndef AV_ERROR_MAX_STRING_SIZE From 5ab4414b11b371e89a549121f387a194468dcfae Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:58:55 -0400 Subject: [PATCH 240/360] Only include hwaccel support if LIBAVUTIL_HWCONTEXT_H is deifned --- src/zm_ffmpeg_camera.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index cd359a64c..fbf1d4792 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -426,6 +426,7 @@ int FfmpegCamera::OpenFfmpeg() { zm_dump_stream_format(mFormatContext, mVideoStreamId, 0, 0); if ( hwaccel_name != "" ) { +#if HAVE_LIBAVUTIL_HWCONTEXT_H enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) Debug(1, "%s", av_hwdevice_get_type_name(type)); @@ -465,6 +466,9 @@ int FfmpegCamera::OpenFfmpeg() { mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); hwaccel = true; hwFrame = zm_av_frame_alloc(); +#else + Warning("HWAccel support not compiled in."); +#endif } // end if hwacel_name // Open the codec From a44631a59ddf1fe05df4927f1aa01dc3286d3f13 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 16:35:07 -0400 Subject: [PATCH 241/360] rough in support for ffmpeg 3.4 --- src/zm_ffmpeg_camera.cpp | 46 ++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index fbf1d4792..5d671ee2b 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -57,6 +57,32 @@ static enum AVPixelFormat get_hw_format( Error("Failed to get HW surface format."); return AV_PIX_FMT_NONE; } +#if !LIBAVUTIL_VERSION_CHECK(56, 22, 0, 14, 0) +static enum AVPixelFormat find_fmt_by_hw_type(const enum AVHWDeviceType type) { + enum AVPixelFormat fmt; + switch (type) { + case AV_HWDEVICE_TYPE_VAAPI: + fmt = AV_PIX_FMT_VAAPI; + break; + case AV_HWDEVICE_TYPE_DXVA2: + fmt = AV_PIX_FMT_DXVA2_VLD; + break; + case AV_HWDEVICE_TYPE_D3D11VA: + fmt = AV_PIX_FMT_D3D11; + break; + case AV_HWDEVICE_TYPE_VDPAU: + fmt = AV_PIX_FMT_VDPAU; + break; + case AV_HWDEVICE_TYPE_VIDEOTOOLBOX: + fmt = AV_PIX_FMT_VIDEOTOOLBOX; + break; + default: + fmt = AV_PIX_FMT_NONE; + break; + } + return fmt; +} +#endif #endif FfmpegCamera::FfmpegCamera( @@ -392,22 +418,6 @@ int FfmpegCamera::OpenFfmpeg() { mVideoCodecContext->flags2 |= CODEC_FLAG2_FAST | CODEC_FLAG_LOW_DELAY; #endif - AVHWAccel *first_hwaccel = av_hwaccel_next(NULL); - AVHWAccel *temp_hwaccel = first_hwaccel; - AVHWAccel *h264 = NULL; - const char * h264_name = "h264_vaapi"; - while ( temp_hwaccel != NULL ) { - Debug(1,"%s ", temp_hwaccel->name); - if ( strcmp(temp_hwaccel->name, h264_name) == 0 ) { - h264=temp_hwaccel; - } - temp_hwaccel = av_hwaccel_next(temp_hwaccel); - - if ( temp_hwaccel == first_hwaccel ) { - break; - } - } - if ( mVideoCodecContext->codec_id == AV_CODEC_ID_H264 ) { if ( (mVideoCodec = avcodec_find_decoder_by_name("h264_mmal")) == NULL ) { Debug(1, "Failed to find decoder (h264_mmal)" ); @@ -439,6 +449,7 @@ int FfmpegCamera::OpenFfmpeg() { Debug(1, "Found hwdevice %s", av_hwdevice_get_type_name(type)); } +#if LIBAVUTIL_VERSION_CHECK(56, 22, 0, 14, 0) // Get h_pix_fmt for ( int i = 0;; i++ ) { const AVCodecHWConfig *config = avcodec_get_hw_config(mVideoCodec, i); @@ -454,6 +465,9 @@ int FfmpegCamera::OpenFfmpeg() { break; } } // end foreach hwconfig +#else + hw_pix_fmt = find_fmt_by_hw_type(type); +#endif mVideoCodecContext->get_format = get_hw_format; From 7389bbcb2541e1d42a201727d21c31cbe392ada8 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 21:47:19 -0400 Subject: [PATCH 242/360] better debug in selecting hw_format, add CUDA, add setting device for hwaccel --- src/zm_ffmpeg_camera.cpp | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 5d671ee2b..f69e13777 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -47,15 +47,18 @@ static enum AVPixelFormat get_hw_format( AVCodecContext *ctx, const enum AVPixelFormat *pix_fmts ) { - const enum AVPixelFormat *p; + const enum AVPixelFormat *p; - for ( p = pix_fmts; *p != -1; p++ ) { - if ( *p == hw_pix_fmt ) - return *p; - } + for ( p = pix_fmts; *p != -1; p++ ) { + if ( *p == hw_pix_fmt ) + return *p; + } - Error("Failed to get HW surface format."); - return AV_PIX_FMT_NONE; + Error("Failed to get HW surface format for %s.", av_get_pix_fmt_name(hw_pix_fmt)); + for ( p = pix_fmts; *p != -1; p++ ) + Error("Available HW surface format was %s.", av_get_pix_fmt_name(*p)); + + return AV_PIX_FMT_NONE; } #if !LIBAVUTIL_VERSION_CHECK(56, 22, 0, 14, 0) static enum AVPixelFormat find_fmt_by_hw_type(const enum AVHWDeviceType type) { @@ -73,6 +76,9 @@ static enum AVPixelFormat find_fmt_by_hw_type(const enum AVHWDeviceType type) { case AV_HWDEVICE_TYPE_VDPAU: fmt = AV_PIX_FMT_VDPAU; break; + case AV_HWDEVICE_TYPE_CUDA: + fmt = AV_PIX_FMT_CUDA; + break; case AV_HWDEVICE_TYPE_VIDEOTOOLBOX: fmt = AV_PIX_FMT_VIDEOTOOLBOX; break; @@ -471,8 +477,9 @@ int FfmpegCamera::OpenFfmpeg() { mVideoCodecContext->get_format = get_hw_format; - Debug(1, "Creating hwdevice"); - if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, NULL, NULL, 0)) < 0) { + Debug(1, "Creating hwdevice for %s", (hwaccel_device != "" ? hwaccel_device.c_str() : "")); + if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, + (hwaccel_device != "" ? hwaccel_device.c_str(): NULL), NULL, 0)) < 0) { Error("Failed to create specified HW device."); return -1; } From 86e8b5856123f6a59c34a52b79715be815d5ace4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 22:06:00 -0400 Subject: [PATCH 243/360] move hw_device_ctx under ifdef for HWCONTEXT_H --- src/zm_ffmpeg_camera.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.h b/src/zm_ffmpeg_camera.h index 210a67f45..3eb52d1f8 100644 --- a/src/zm_ffmpeg_camera.h +++ b/src/zm_ffmpeg_camera.h @@ -63,8 +63,8 @@ class FfmpegCamera : public Camera { AVFrame *hwFrame; #if HAVE_LIBAVUTIL_HWCONTEXT_H DecodeContext decode; -#endif AVBufferRef *hw_device_ctx = NULL; +#endif // Used to store the incoming packet, it will get copied when queued. // We only ever need one at a time, so instead of constantly allocating From 2a65b339c141fae0175fea896af53918a2761a3d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 22:19:09 -0400 Subject: [PATCH 244/360] init hw_pix_fmt in constructor --- src/zm_ffmpeg_camera.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index f69e13777..9a3c3a3bc 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -151,6 +151,9 @@ FfmpegCamera::FfmpegCamera( have_video_keyframe = false; packetqueue = NULL; error_count = 0; +#if HAVE_LIBAVUTIL_HWCONTEXT_H + hw_pix_fmt = AV_PIX_FMT_NONE; +#endif #if HAVE_LIBSWSCALE mConvertContext = NULL; @@ -915,7 +918,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( error_count > 0 ) error_count --; zm_dump_video_frame(mRawFrame); #if HAVE_LIBAVUTIL_HWCONTEXT_H - if ( mRawFrame->format == hw_pix_fmt ) { + if ( hw_pix_fmt != mRawFrame->format == hw_pix_fmt ) { /* retrieve data from GPU to CPU */ ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); if ( ret < 0 ) { From d26286a170126ca545a1fe41aaa60c7fde123d81 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 03:40:18 -0400 Subject: [PATCH 245/360] fix test for hwtransfer needed --- src/zm_ffmpeg_camera.cpp | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 9a3c3a3bc..9bf257f19 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -169,7 +169,7 @@ FfmpegCamera::FfmpegCamera( subpixelorder = ZM_SUBPIX_ORDER_NONE; imagePixFormat = AV_PIX_FMT_GRAY8; } else { - Panic("Unexpected colours: %d",colours); + Panic("Unexpected colours: %d", colours); } } // FfmpegCamera::FfmpegCamera @@ -342,20 +342,18 @@ int FfmpegCamera::OpenFfmpeg() { } AVDictionaryEntry *e=NULL; while ( (e = av_dict_get(opts, "", e, AV_DICT_IGNORE_SUFFIX)) != NULL ) { - Warning( "Option %s not recognized by ffmpeg", e->key); + Warning("Option %s not recognized by ffmpeg", e->key); } av_dict_free(&opts); - Debug(1, "Opened input"); - - Info( "Stream open %s, parsing streams...", mPath.c_str() ); + Info("Stream open %s, parsing streams...", mPath.c_str()); #if !LIBAVFORMAT_VERSION_CHECK(53, 6, 0, 6, 0) Debug(4, "Calling av_find_stream_info"); - if ( av_find_stream_info( mFormatContext ) < 0 ) + if ( av_find_stream_info(mFormatContext) < 0 ) #else Debug(4, "Calling avformat_find_stream_info"); - if ( avformat_find_stream_info( mFormatContext, 0 ) < 0 ) + if ( avformat_find_stream_info(mFormatContext, 0) < 0 ) #endif { Error("Unable to find stream info from %s due to: %s", mPath.c_str(), strerror(errno)); @@ -446,6 +444,7 @@ int FfmpegCamera::OpenFfmpeg() { if ( hwaccel_name != "" ) { #if HAVE_LIBAVUTIL_HWCONTEXT_H +// Print out available types enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) Debug(1, "%s", av_hwdevice_get_type_name(type)); @@ -477,6 +476,7 @@ int FfmpegCamera::OpenFfmpeg() { #else hw_pix_fmt = find_fmt_by_hw_type(type); #endif +Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt)); mVideoCodecContext->get_format = get_hw_format; @@ -518,7 +518,6 @@ int FfmpegCamera::OpenFfmpeg() { Debug(1, "HWACCEL not in use"); } - if ( mAudioStreamId >= 0 ) { if ( (mAudioCodec = avcodec_find_decoder( #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) @@ -617,7 +616,7 @@ int FfmpegCamera::OpenFfmpeg() { } #endif #else // HAVE_LIBSWSCALE - Fatal( "You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras" ); + Fatal("You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras"); #endif // HAVE_LIBSWSCALE if ( @@ -918,7 +917,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( error_count > 0 ) error_count --; zm_dump_video_frame(mRawFrame); #if HAVE_LIBAVUTIL_HWCONTEXT_H - if ( hw_pix_fmt != mRawFrame->format == hw_pix_fmt ) { + if ( (hw_pix_fmt != AV_PIX_FMT_NONE) && (mRawFrame->format == hw_pix_fmt) ) { /* retrieve data from GPU to CPU */ ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); if ( ret < 0 ) { @@ -1006,7 +1005,7 @@ int FfmpegCamera::transfer_to_image(Image &image, AVFrame *output_frame, AVFrame imagePixFormat, width, height); #endif #if HAVE_LIBSWSCALE - if ( ! mConvertContext ) { + if ( !mConvertContext ) { mConvertContext = sws_getContext( input_frame->width, input_frame->height, @@ -1015,8 +1014,12 @@ int FfmpegCamera::transfer_to_image(Image &image, AVFrame *output_frame, AVFrame imagePixFormat, SWS_BICUBIC, NULL, NULL, NULL); if ( mConvertContext == NULL ) { - Error("Unable to create conversion context for %s", mPath.c_str()); - return -1; + Error("Unable to create conversion context for %s from %s to %s", + mPath.c_str(), + av_get_pix_fmt_name((AVPixelFormat)input_frame->format), + av_get_pix_fmt_name(imagePixFormat) + ); + return -1; } } From 0686f487acd6c9f62ba93e01b2d8933844eb6754 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 04:18:25 -0400 Subject: [PATCH 246/360] %s => %d for error count --- src/zm_ffmpeg_camera.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 9bf257f19..781424b8b 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -904,7 +904,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); if ( ret < 0 ) { - Warning("Unable to receive frame %d: %s, continuing. error count is %s", + Warning("Unable to receive frame %d: %s, continuing. error count is %d", frameCount, av_make_error_string(ret).c_str(), error_count); error_count += 1; if ( error_count > 100 ) { From 763fe16a0418d54474d2b315594a6cad6cb345d1 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 10:20:23 -0400 Subject: [PATCH 247/360] Google code style, merge some fprintf's --- src/zm_fifo.cpp | 468 +++++++++++++++++++++++++----------------------- 1 file changed, 242 insertions(+), 226 deletions(-) diff --git a/src/zm_fifo.cpp b/src/zm_fifo.cpp index 538b696fa..96e7c845e 100644 --- a/src/zm_fifo.cpp +++ b/src/zm_fifo.cpp @@ -1,14 +1,30 @@ +// +// ZoneMinder Fifo Debug +// Copyright (C) 2019 ZoneMinder LLC +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// + #include -#include -#include +#include #include #include #include - + #include "zm.h" -#include "zm_db.h" #include "zm_time.h" -#include "zm_mpeg.h" #include "zm_signal.h" #include "zm_monitor.h" #include "zm_fifo.h" @@ -17,231 +33,231 @@ static bool zm_fifodbg_inited = false; FILE *zm_fifodbg_log_fd = 0; char zm_fifodbg_log[PATH_MAX] = ""; -static bool zmFifoDbgOpen(){ - if (zm_fifodbg_log_fd) - fclose(zm_fifodbg_log_fd); - zm_fifodbg_log_fd = NULL; - signal(SIGPIPE, SIG_IGN); - FifoStream::fifo_create_if_missing(zm_fifodbg_log); - int fd = open(zm_fifodbg_log,O_WRONLY|O_NONBLOCK|O_TRUNC); - if (fd < 0) - return ( false ); - int res = flock(fd,LOCK_EX | LOCK_NB); - if (res < 0) - { - close(fd); - return ( false ); - } - zm_fifodbg_log_fd = fdopen(fd,"wb"); - if (zm_fifodbg_log_fd == NULL) - { - close(fd); - return ( false ); - } - return ( true ); -} -int zmFifoDbgInit(Monitor *monitor){ - zm_fifodbg_inited = true; - snprintf( zm_fifodbg_log, sizeof(zm_fifodbg_log), "%s/%d/dbgpipe.log", monitor->getStorage()->Path(), monitor->Id() ); - zmFifoDbgOpen(); - return 1; -} -void zmFifoDbgOutput( int hex, const char * const file, const int line, const int level, const char *fstring, ... ){ - char dbg_string[8192]; - va_list arg_ptr; - if (! zm_fifodbg_inited) - return; - if (! zm_fifodbg_log_fd && ! zmFifoDbgOpen()) - return; - - char *dbg_ptr = dbg_string; - va_start( arg_ptr, fstring ); - if ( hex ) - { - unsigned char *data = va_arg( arg_ptr, unsigned char * ); - int len = va_arg( arg_ptr, int ); - int i; - dbg_ptr += snprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), "%d:", len ); - for ( i = 0; i < len; i++ ) - { - dbg_ptr += snprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), " %02x", data[i] ); - } - } - else - { - dbg_ptr += vsnprintf( dbg_ptr, sizeof(dbg_string)-(dbg_ptr-dbg_string), fstring, arg_ptr ); - } - va_end(arg_ptr); - strncpy( dbg_ptr++, "\n", 1); - int res = fwrite( dbg_string, dbg_ptr-dbg_string, 1, zm_fifodbg_log_fd ); - if (res != 1){ - fclose(zm_fifodbg_log_fd); - zm_fifodbg_log_fd = NULL; - } - else - { - fflush(zm_fifodbg_log_fd); - } -} -bool FifoStream::sendRAWFrames(){ - static unsigned char buffer[RAW_BUFFER]; - int fd = open(stream_path,O_RDONLY); - if (fd < 0) - { - Error( "Can't open %s: %s", stream_path, strerror(errno)); - return( false ); - } - while( (bytes_read = read(fd,buffer,RAW_BUFFER)) ) - { - if (bytes_read == 0) - continue; - if (bytes_read < 0) - { - Error( "Problem during reading: %s", strerror(errno)); - close(fd); - return( false ); - } - if ( fwrite( buffer, bytes_read, 1, stdout ) != 1){ - Error( "Problem during writing: %s", strerror(errno)); - close(fd); - return( false ); - } - fflush( stdout ); - } - close(fd); - return ( true ); +static bool zmFifoDbgOpen() { + if ( zm_fifodbg_log_fd ) + fclose(zm_fifodbg_log_fd); + zm_fifodbg_log_fd = NULL; + signal(SIGPIPE, SIG_IGN); + FifoStream::fifo_create_if_missing(zm_fifodbg_log); + int fd = open(zm_fifodbg_log, O_WRONLY|O_NONBLOCK|O_TRUNC); + if ( fd < 0 ) + return false; + int res = flock(fd, LOCK_EX | LOCK_NB); + if ( res < 0 ) { + close(fd); + return false; + } + zm_fifodbg_log_fd = fdopen(fd, "wb"); + if ( zm_fifodbg_log_fd == NULL ) { + close(fd); + return false; + } + return true; } -void FifoStream::file_create_if_missing(const char * path, bool is_fifo,bool delete_fake_fifo){ - static struct stat st; - if(stat(path,&st) == 0){ - - if (! is_fifo || S_ISFIFO(st.st_mode) || ! delete_fake_fifo) - return; - Debug(5, "Supposed to be a fifo pipe but isn't, unlinking: %s", path); - unlink(path); - } - int fd; - if (! is_fifo){ - Debug(5, "Creating non fifo file as requested: %s", path); - fd = open(path,O_CREAT|O_WRONLY,S_IRUSR|S_IWUSR); - close(fd); - return; - } - Debug(5, "Making fifo file of: %s", path); - mkfifo(path,S_IRUSR|S_IWUSR); -} -void FifoStream::fifo_create_if_missing(const char * path, bool delete_fake_fifo){ - file_create_if_missing(path,true,delete_fake_fifo); -} -bool FifoStream::sendMJEGFrames(){ - static unsigned char buffer[ZM_MAX_IMAGE_SIZE]; - int fd = open(stream_path,O_RDONLY); - if (fd < 0) - { - Error( "Can't open %s: %s", stream_path, strerror(errno)); - return( false ); - } - total_read = 0; - while( (bytes_read = read(fd,buffer+total_read,ZM_MAX_IMAGE_SIZE-total_read)) ) - { - if (bytes_read < 0) - { - Error( "Problem during reading: %s", strerror(errno)); - close(fd); - return( false ); - } - total_read+=bytes_read; - } - close(fd); - if (total_read == 0) - return( true ); - if (frame_count%frame_mod != 0) - return (true ); - if (fprintf( stdout, "--ZoneMinderFrame\r\n" ) < 0 ) - { - Error( "Problem during writing: %s", strerror(errno)); - return( false ); - } - - fprintf( stdout, "Content-Type: image/jpeg\r\n" ); - fprintf( stdout, "Content-Length: %d\r\n\r\n", total_read ); - if ( fwrite( buffer, total_read, 1, stdout ) != 1){ - Error( "Problem during reading: %s", strerror(errno)); - return( false ); - } - fprintf( stdout, "\r\n\r\n" ); - fflush( stdout); - last_frame_sent = TV_2_FLOAT( now ); - frame_count++; - return( true ); +int zmFifoDbgInit(Monitor *monitor) { + zm_fifodbg_inited = true; + snprintf(zm_fifodbg_log, sizeof(zm_fifodbg_log), "%s/%d/dbgpipe.log", + monitor->getStorage()->Path(), monitor->Id()); + zmFifoDbgOpen(); + return 1; } -void FifoStream::setStreamStart( const char * path ){ - stream_path = strdup(path); -} -void FifoStream::setStreamStart( int monitor_id, const char * format ){ - char diag_path[PATH_MAX]; - const char * filename; - Monitor * monitor = Monitor::Load(monitor_id, false, Monitor::QUERY); - - if (! strcmp(format,"reference") ) - { - stream_type = MJPEG; - filename = "diagpipe-r.jpg"; - } - else if (! strcmp(format,"delta")) - { - filename = "diagpipe-d.jpg"; - stream_type = MJPEG; - } - else - { - stream_type = RAW; - filename = "dbgpipe.log"; - } +void zmFifoDbgOutput( + int hex, + const char * const file, + const int line, + const int level, + const char *fstring, + ... + ) { + char dbg_string[8192]; + int str_size = sizeof(dbg_string); - snprintf( diag_path, sizeof(diag_path), "%s/%d/%s", monitor->getStorage()->Path(), monitor->Id(), filename ); - setStreamStart(diag_path); -} -void FifoStream::runStream(){ - if (stream_type == MJPEG) - fprintf( stdout, "Content-Type: multipart/x-mixed-replace;boundary=ZoneMinderFrame\r\n\r\n" ); - else - fprintf( stdout, "Content-Type: text/html\r\n\r\n" ); + va_list arg_ptr; + if ( (!zm_fifodbg_inited) || ( !zm_fifodbg_log_fd && !zmFifoDbgOpen() ) ) + return; - char lock_file[PATH_MAX]; - strcpy(lock_file,stream_path); - strcat(lock_file,".rlock"); - file_create_if_missing(lock_file,false); - int fd_lock = open(lock_file,O_RDONLY); - if (fd_lock < 0) - { - Error( "Can't open %s: %s", lock_file, strerror(errno)); - return; - } - int res = flock(fd_lock,LOCK_EX | LOCK_NB); - if (res < 0) - { - Error( "Flocking problem on %s: - %s", lock_file, strerror(errno) ); - close(fd_lock); - return; - } - - while( !zm_terminate ) - { - gettimeofday( &now, NULL ); - checkCommandQueue(); - if (stream_type == MJPEG) - { - if (! sendMJEGFrames()) - zm_terminate = true; - } - else - { - if (! sendRAWFrames()) - zm_terminate = true; - } - } - close(fd_lock); + char *dbg_ptr = dbg_string; + va_start(arg_ptr, fstring); + if ( hex ) { + unsigned char *data = va_arg(arg_ptr, unsigned char *); + int len = va_arg(arg_ptr, int); + dbg_ptr += snprintf(dbg_ptr, str_size-(dbg_ptr-dbg_string), "%d:", len); + for ( int i = 0; i < len; i++ ) { + dbg_ptr += snprintf(dbg_ptr, str_size-(dbg_ptr-dbg_string), " %02x", data[i]); + } + } else { + dbg_ptr += vsnprintf(dbg_ptr, str_size-(dbg_ptr-dbg_string), fstring, arg_ptr); + } + va_end(arg_ptr); + strncpy(dbg_ptr++, "\n", 1); + int res = fwrite(dbg_string, dbg_ptr-dbg_string, 1, zm_fifodbg_log_fd); + if ( res != 1 ) { + fclose(zm_fifodbg_log_fd); + zm_fifodbg_log_fd = NULL; + } else { + fflush(zm_fifodbg_log_fd); + } +} + +bool FifoStream::sendRAWFrames() { + static unsigned char buffer[RAW_BUFFER]; + int fd = open(stream_path, O_RDONLY); + if ( fd < 0 ) { + Error("Can't open %s: %s", stream_path, strerror(errno)); + return false; + } + while ( (bytes_read = read(fd, buffer, RAW_BUFFER)) ) { + if ( bytes_read == 0 ) + continue; + if ( bytes_read < 0 ) { + Error("Problem during reading: %s", strerror(errno)); + close(fd); + return false; + } + if ( fwrite(buffer, bytes_read, 1, stdout) != 1 ) { + Error("Problem during writing: %s", strerror(errno)); + close(fd); + return false; + } + fflush(stdout); + } + close(fd); + return true; +} + +void FifoStream::file_create_if_missing( + const char * path, + bool is_fifo, + bool delete_fake_fifo + ) { + static struct stat st; + if ( stat(path, &st) == 0 ) { + if ( (!is_fifo) || S_ISFIFO(st.st_mode) || !delete_fake_fifo ) + return; + Debug(5, "Supposed to be a fifo pipe but isn't, unlinking: %s", path); + unlink(path); + } + int fd; + if ( !is_fifo ) { + Debug(5, "Creating non fifo file as requested: %s", path); + fd = open(path, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR); + close(fd); + return; + } + Debug(5, "Making fifo file of: %s", path); + mkfifo(path, S_IRUSR|S_IWUSR); +} + +void FifoStream::fifo_create_if_missing( + const char * path, + bool delete_fake_fifo + ) { + file_create_if_missing(path, true, delete_fake_fifo); +} + +bool FifoStream::sendMJEGFrames() { + static unsigned char buffer[ZM_MAX_IMAGE_SIZE]; + int fd = open(stream_path, O_RDONLY); + if ( fd < 0 ) { + Error("Can't open %s: %s", stream_path, strerror(errno)); + return false; + } + total_read = 0; + while ( + (bytes_read = read(fd, buffer+total_read, ZM_MAX_IMAGE_SIZE-total_read)) + ) { + if ( bytes_read < 0 ) { + Error("Problem during reading: %s", strerror(errno)); + close(fd); + return false; + } + total_read += bytes_read; + } + close(fd); + + if ( (total_read == 0) || (frame_count%frame_mod != 0) ) + return true; + + if ( fprintf(stdout, + "--ZoneMinderFrame\r\n" + "Content-Type: image/jpeg\r\n" + "Content-Length: %d\r\n\r\n", + total_read) < 0 ) { + Error("Problem during writing: %s", strerror(errno)); + return false; + } + + if ( fwrite(buffer, total_read, 1, stdout) != 1 ) { + Error("Problem during reading: %s", strerror(errno)); + return false; + } + fprintf(stdout, "\r\n\r\n"); + fflush(stdout); + last_frame_sent = TV_2_FLOAT(now); + frame_count++; + return true; +} + +void FifoStream::setStreamStart(const char * path) { + stream_path = strdup(path); +} + +void FifoStream::setStreamStart(int monitor_id, const char * format) { + char diag_path[PATH_MAX]; + const char * filename; + Monitor * monitor = Monitor::Load(monitor_id, false, Monitor::QUERY); + + if ( !strcmp(format, "reference") ) { + stream_type = MJPEG; + filename = "diagpipe-r.jpg"; + } else if ( !strcmp(format, "delta") ) { + filename = "diagpipe-d.jpg"; + stream_type = MJPEG; + } else { + stream_type = RAW; + filename = "dbgpipe.log"; + } + + snprintf(diag_path, sizeof(diag_path), "%s/%d/%s", + monitor->getStorage()->Path(), monitor->Id(), filename); + setStreamStart(diag_path); +} + +void FifoStream::runStream() { + if ( stream_type == MJPEG ) { + fprintf(stdout, "Content-Type: multipart/x-mixed-replace;boundary=ZoneMinderFrame\r\n\r\n"); + } else { + fprintf(stdout, "Content-Type: text/html\r\n\r\n"); + } + + char lock_file[PATH_MAX]; + snprintf(lock_file, sizeof(lock_file), "%s.rlock", stream_path); + file_create_if_missing(lock_file, false); + + int fd_lock = open(lock_file, O_RDONLY); + if ( fd_lock < 0 ) { + Error("Can't open %s: %s", lock_file, strerror(errno)); + return; + } + int res = flock(fd_lock, LOCK_EX | LOCK_NB); + if ( res < 0 ) { + Error("Flocking problem on %s: - %s", lock_file, strerror(errno)); + close(fd_lock); + return; + } + + while ( !zm_terminate ) { + gettimeofday(&now, NULL); + checkCommandQueue(); + if ( stream_type == MJPEG ) { + if ( !sendMJEGFrames() ) + zm_terminate = true; + } else { + if ( !sendRAWFrames() ) + zm_terminate = true; + } + } + close(fd_lock); } From 6a87ae0fa79ff7bb73e8de8db2fb3dfce049e1fa Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 10:24:51 -0400 Subject: [PATCH 248/360] fix compile warning by copying two bytes, which will grab the \0 after the \n --- src/zm_fifo.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_fifo.cpp b/src/zm_fifo.cpp index 96e7c845e..0c0f836bd 100644 --- a/src/zm_fifo.cpp +++ b/src/zm_fifo.cpp @@ -91,7 +91,7 @@ void zmFifoDbgOutput( dbg_ptr += vsnprintf(dbg_ptr, str_size-(dbg_ptr-dbg_string), fstring, arg_ptr); } va_end(arg_ptr); - strncpy(dbg_ptr++, "\n", 1); + strncpy(dbg_ptr++, "\n", 2); int res = fwrite(dbg_string, dbg_ptr-dbg_string, 1, zm_fifodbg_log_fd); if ( res != 1 ) { fclose(zm_fifodbg_log_fd); From 6ed29a3d563f508da1619431964219b4cccaaaaf Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 10:29:47 -0400 Subject: [PATCH 249/360] Google code style, ifdef out all the extra includs that shouldn't be in the .h --- src/zm_fifo.h | 93 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 59 insertions(+), 34 deletions(-) diff --git a/src/zm_fifo.h b/src/zm_fifo.h index 8d1b1ae8c..065fd569c 100644 --- a/src/zm_fifo.h +++ b/src/zm_fifo.h @@ -1,6 +1,25 @@ +// +// ZoneMinder Fifo Debug +// Copyright (C) 2019 ZoneMinder LLC +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// #ifndef ZM_FIFO_H #define ZM_FIFO_H +#if 0 #include #include #include @@ -13,49 +32,55 @@ #include "zm.h" #include "zm_image.h" +#endif #include "zm_monitor.h" #include "zm_stream.h" - -#define zmFifoDbgPrintf(level,params...) {\ - zmFifoDbgOutput( 0, __FILE__, __LINE__, level, ##params );\ - } +#define zmFifoDbgPrintf(level, params...) {\ + zmFifoDbgOutput(0, __FILE__, __LINE__, level, ##params);\ + } #ifndef ZM_DBG_OFF -#define FifoDebug(level,params...) zmFifoDbgPrintf(level,##params) +#define FifoDebug(level, params...) zmFifoDbgPrintf(level, ##params) #else -#define FifoDebug(level,params...) +#define FifoDebug(level, params...) #endif -void zmFifoDbgOutput( int hex, const char * const file, const int line, const int level, const char *fstring, ... ) __attribute__ ((format(printf, 5, 6))); +void zmFifoDbgOutput( + int hex, + const char * const file, + const int line, + const int level, + const char *fstring, + ...) __attribute__((format(printf, 5, 6))); int zmFifoDbgInit(Monitor * monitor); -class FifoStream : public StreamBase -{ +class FifoStream : public StreamBase { + private: + char * stream_path; + int fd; + int total_read; + int bytes_read; + unsigned int frame_count; + static void file_create_if_missing( + const char * path, + bool is_fifo, + bool delete_fake_fifo = true + ); -private: - char * stream_path; - int fd; - int total_read; - int bytes_read; - unsigned int frame_count; - static void file_create_if_missing(const char * path, bool is_fifo, bool delete_fake_fifo=true); + protected: + typedef enum { MJPEG, RAW } StreamType; + StreamType stream_type; + bool sendMJEGFrames(); + bool sendRAWFrames(); + void processCommand(const CmdMsg *msg) {} -protected: - typedef enum { MJPEG, RAW } StreamType; - StreamType stream_type; - bool sendMJEGFrames( ); - bool sendRAWFrames( ); - void processCommand( const CmdMsg *msg ) {}; - -public: - FifoStream(){ - - - } - static void fifo_create_if_missing(const char * path,bool delete_fake_fifo=true); - void setStreamStart( const char * path ); - void setStreamStart( int monitor_id, const char * format ); - - void runStream(); + public: + FifoStream() {} + static void fifo_create_if_missing( + const char * path, + bool delete_fake_fifo = true); + void setStreamStart(const char * path); + void setStreamStart(int monitor_id, const char * format); + void runStream(); }; -#endif +#endif // ZM_FIFO_H From dd57fd95ce4060cf9d4cc7273810a740d1fd316e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 11:11:14 -0400 Subject: [PATCH 250/360] Clean up cruft from videostore api. Fix packetqueue clear_unwanted_packets to take a pre_event_count and take it into consideration when finding the right spot in the queue to start recording. --- src/zm_ffmpeg_camera.cpp | 9 ++---- src/zm_ffmpeg_camera.h | 1 - src/zm_packetqueue.cpp | 53 +++++++++++++++++++++++++++++------ src/zm_packetqueue.h | 2 +- src/zm_remote_camera_rtsp.cpp | 1 - src/zm_videostore.cpp | 1 - src/zm_videostore.h | 1 - 7 files changed, 47 insertions(+), 21 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 781424b8b..5e403b468 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -145,7 +145,6 @@ FfmpegCamera::FfmpegCamera( mRawFrame = NULL; mFrame = NULL; frameCount = 0; - startTime = 0; mCanCapture = false; videoStore = NULL; have_video_keyframe = false; @@ -360,7 +359,6 @@ int FfmpegCamera::OpenFfmpeg() { return -1; } - startTime = av_gettime();//FIXME here or after find_Stream_info Debug(4, "Got stream info"); // Find first video stream present @@ -784,7 +782,6 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event videoStore = new VideoStore((const char *) event_file, "mp4", mFormatContext->streams[mVideoStreamId], NULL, - startTime, this->getMonitor()); } else { @@ -792,7 +789,6 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event videoStore = new VideoStore((const char *) event_file, "mp4", mFormatContext->streams[mVideoStreamId], mFormatContext->streams[mAudioStreamId], - startTime, this->getMonitor()); } } else { @@ -802,7 +798,6 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event videoStore = new VideoStore((const char *) event_file, "mp4", mFormatContext->streams[mVideoStreamId], NULL, - startTime, this->getMonitor()); } // end if record_audio @@ -811,7 +806,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event videoStore = NULL; } else { - monitor->SetVideoWriterEventId( last_event_id ); + monitor->SetVideoWriterEventId(last_event_id); // Need to write out all the frames from the last keyframe? // No... need to write out all frames from when the event began. Due to PreEventFrames, this could be more than since the last keyframe. @@ -819,7 +814,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ZMPacket *queued_packet; // Clear all packets that predate the moment when the recording began - packetqueue->clear_unwanted_packets(&recording, mVideoStreamId); + packetqueue->clear_unwanted_packets(&recording, monitor->GetPreEventCount(), mVideoStreamId); while ( ( queued_packet = packetqueue->popPacket() ) ) { AVPacket *avp = queued_packet->av_packet(); diff --git a/src/zm_ffmpeg_camera.h b/src/zm_ffmpeg_camera.h index 3eb52d1f8..0dbb95805 100644 --- a/src/zm_ffmpeg_camera.h +++ b/src/zm_ffmpeg_camera.h @@ -84,7 +84,6 @@ class FfmpegCamera : public Camera { struct SwsContext *mConvertContext; #endif - int64_t startTime; int error_count; public: diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 11f24c2a2..11d610b0b 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -157,12 +157,12 @@ unsigned int zm_packetqueue::clearQueue(unsigned int frames_to_keep, int stream_ AVPacket *av_packet = &(zm_packet->packet); Debug(5, "Looking for keyframe at packet with stream index (%d) with keyframe (%d), frames_to_keep is (%d)", - av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), frames_to_keep ); + av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), frames_to_keep); // Want frames_to_keep video keyframes. Otherwise, we may not have enough - if ( ( av_packet->stream_index == stream_id) && ( av_packet->flags & AV_PKT_FLAG_KEY ) ) { + if ( (av_packet->stream_index == stream_id) && (av_packet->flags & AV_PKT_FLAG_KEY) ) { Debug(4, "Found keyframe at packet with stream index (%d) with keyframe (%d), frames_to_keep is (%d)", - av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), frames_to_keep ); + av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), frames_to_keep); break; } } @@ -210,25 +210,60 @@ int zm_packetqueue::packet_count( int stream_id ) { return packet_counts[stream_id]; } // end int zm_packetqueue::packet_count( int stream_id ) -void zm_packetqueue::clear_unwanted_packets( timeval *recording_started, int mVideoStreamId ) { +// Clear packets before the given timestamp. +// Must also take into account pre_event_count frames +void zm_packetqueue::clear_unwanted_packets( + timeval *recording_started, + int pre_event_count, + int mVideoStreamId) { // Need to find the keyframe <= recording_started. Can get rid of audio packets. if ( pktQueue.empty() ) return; - // Step 1 - find keyframe < recording_started. - // Step 2 - pop packets until we get to the packet in step 2 + // Step 1 - find frame <= recording_started. + // Step 2 - go back pre_event_count + // Step 3 - find a keyframe + // Step 4 - pop packets until we get to the packet in step 3 std::list::reverse_iterator it; - Debug(3, "Looking for keyframe after start recording stream id (%d)", mVideoStreamId); + // Step 1 - find frame <= recording_started. + Debug(3, "Looking for frame before start recording stream id (%d)", mVideoStreamId); for ( it = pktQueue.rbegin(); it != pktQueue.rend(); ++ it ) { + ZMPacket *zm_packet = *it; + AVPacket *av_packet = &(zm_packet->packet); + if ( + ( av_packet->stream_index == mVideoStreamId ) + && + timercmp( &(zm_packet->timestamp), recording_started, <= ) + ) { + Debug(3, "Found frame before start with stream index %d at %d.%d", + av_packet->stream_index, + zm_packet->timestamp.tv_sec, + zm_packet->timestamp.tv_usec); + break; + } + } + + if ( it == pktQueue.rend() ) { + Debug(1, "Didn't find a frame before event starttime. keeping all" ); + return; + } + + for ( ; pre_event_count && it != pktQueue.rend(); -- pre_event_count, ++ it ) { + } + if ( it == pktQueue.rend() ) { + Debug(1, "ran out of pre_event frames before event starttime. keeping all" ); + return; + } + + Debug(3, "Looking for keyframe"); + for ( ; it != pktQueue.rend(); ++ it ) { ZMPacket *zm_packet = *it; AVPacket *av_packet = &(zm_packet->packet); if ( ( av_packet->flags & AV_PKT_FLAG_KEY ) && ( av_packet->stream_index == mVideoStreamId ) - && - timercmp( &(zm_packet->timestamp), recording_started, <= ) ) { Debug(3, "Found keyframe before start with stream index %d at %d.%d", av_packet->stream_index, diff --git a/src/zm_packetqueue.h b/src/zm_packetqueue.h index a02a51ade..0faa281d2 100644 --- a/src/zm_packetqueue.h +++ b/src/zm_packetqueue.h @@ -43,7 +43,7 @@ public: void clearQueue(); void dumpQueue(); unsigned int size(); - void clear_unwanted_packets(timeval *recording, int mVideoStreamId); + void clear_unwanted_packets(timeval *recording, int pre_event_count, int mVideoStreamId); int packet_count(int stream_id); private: std::list pktQueue; diff --git a/src/zm_remote_camera_rtsp.cpp b/src/zm_remote_camera_rtsp.cpp index 1f94f4849..a26e2626d 100644 --- a/src/zm_remote_camera_rtsp.cpp +++ b/src/zm_remote_camera_rtsp.cpp @@ -418,7 +418,6 @@ int RemoteCameraRtsp::CaptureAndRecord(Image &image, timeval recording, char* ev videoStore = new VideoStore((const char *)event_file, "mp4", mFormatContext->streams[mVideoStreamId], mAudioStreamId==-1?NULL:mFormatContext->streams[mAudioStreamId], - startTime, this->getMonitor() ); strcpy(oldDirectory, event_file); } // end if ! videoStore diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index c39e24098..90ddcc4c3 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -36,7 +36,6 @@ VideoStore::VideoStore( const char *format_in, AVStream *p_video_in_stream, AVStream *p_audio_in_stream, - int64_t nStartTime, Monitor *monitor ) { diff --git a/src/zm_videostore.h b/src/zm_videostore.h index 8e7308e69..fe52cd1dc 100644 --- a/src/zm_videostore.h +++ b/src/zm_videostore.h @@ -85,7 +85,6 @@ public: const char *format_in, AVStream *video_in_stream, AVStream *audio_in_stream, - int64_t nStartTime, Monitor * p_monitor); bool open(); ~VideoStore(); From 158b9438d74070f0785d2af9544ea50bdbd1a04d Mon Sep 17 00:00:00 2001 From: Daniel Schaefer Date: Thu, 27 Jun 2019 21:08:29 +0200 Subject: [PATCH 251/360] Explicitly link with libdl (#2649) Otherwise on some systems linking would fail with undefined reference to symbol 'dlclose@@GLIBC_2.2.5' --- src/CMakeLists.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3155fb920..331f9e039 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -20,10 +20,10 @@ add_executable(zms zms.cpp) include_directories(libbcrypt/include/bcrypt) include_directories(jwt-cpp/include/jwt-cpp) -target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) -target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) -target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} bcrypt) +target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} ${CMAKE_DL_LIBS}) +target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} ${CMAKE_DL_LIBS}) +target_link_libraries(zmu zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} ${CMAKE_DL_LIBS} bcrypt) +target_link_libraries(zms zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS} ${CMAKE_DL_LIBS} bcrypt) # Generate man files for the binaries destined for the bin folder FOREACH(CBINARY zma zmc zmu) From ac7d4869de65be78f0e9cdab1349223293a0124d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 15:36:13 -0400 Subject: [PATCH 252/360] We need to seek back pre_event_count video frames, not any frames --- src/zm_packetqueue.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 11d610b0b..f86314113 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -245,14 +245,21 @@ void zm_packetqueue::clear_unwanted_packets( } if ( it == pktQueue.rend() ) { - Debug(1, "Didn't find a frame before event starttime. keeping all" ); + Debug(1, "Didn't find a frame before event starttime. keeping all"); return; } - for ( ; pre_event_count && it != pktQueue.rend(); -- pre_event_count, ++ it ) { + Debug(1, "Seeking back %d frames", pre_event_count); + for ( ; pre_event_count && (it != pktQueue.rend()); ++ it ) { + ZMPacket *zm_packet = *it; + AVPacket *av_packet = &(zm_packet->packet); + if ( av_packet->stream_index == mVideoStreamId ) { + --pre_event_count; + } } + if ( it == pktQueue.rend() ) { - Debug(1, "ran out of pre_event frames before event starttime. keeping all" ); + Debug(1, "ran out of pre_event frames before event starttime. keeping all"); return; } From 3bd4486b651ba7d22e9643bf6632636d731b22e5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 15:48:10 -0400 Subject: [PATCH 253/360] Start event when alarm frames >= alarm_frame_count-1 because it is 1based. Add some debug. --- src/zm_monitor.cpp | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 76b7e9a34..eba3ca7e9 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1525,21 +1525,25 @@ bool Monitor::Analyse() { Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", name, image_count, event->Id()); closeEvent(); - } - Debug(3, "pre-alarm-count %d", Event::PreAlarmCount()); + } else { // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames - if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { + Debug(3, "pre-alarm-count in event %d, event frames %d, alarm frames %d event length %d >=? %d", + Event::PreAlarmCount(), event->Frames(), event->AlarmFrames(), + ( timestamp->tv_sec - video_store_data->recording.tv_sec ), min_section_length + ); + } + if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count-1) ) { shared_data->state = state = ALARM; // lets construct alarm cause. It will contain cause + names of zones alarmed std::string alarm_cause = ""; for ( int i=0; i < n_zones; i++ ) { if ( zones[i]->Alarmed() ) { - alarm_cause = alarm_cause + "," + std::string(zones[i]->Label()); + alarm_cause = alarm_cause + "," + std::string(zones[i]->Label()); } } if ( !alarm_cause.empty() ) alarm_cause[0] = ' '; alarm_cause = cause + alarm_cause; - strncpy(shared_data->alarm_cause,alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); + strncpy(shared_data->alarm_cause, alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); Info("%s: %03d - Gone into alarm state PreAlarmCount: %u > AlarmFrameCount:%u Cause:%s", name, image_count, Event::PreAlarmCount(), alarm_frame_count, shared_data->alarm_cause); @@ -1550,7 +1554,9 @@ bool Monitor::Analyse() { if ( analysis_fps && pre_event_count ) { // If analysis fps is set, // compute the index for pre event images in the dedicated buffer - pre_index = pre_event_buffer_count ? image_count%pre_event_buffer_count : 0; + pre_index = pre_event_buffer_count ? image_count % pre_event_buffer_count : 0; + Debug(3, "pre-index %d = image_count(%d) %% pre_event_buffer_count(%d)", + pre_index, image_count, pre_event_buffer_count); // Seek forward the next filled slot in to the buffer (oldest data) // from the current position @@ -1559,6 +1565,8 @@ bool Monitor::Analyse() { // Slot is empty, removing image from counter pre_event_images--; } + Debug(3, "pre-index %d, pre-event_images %d", + pre_index, pre_event_images); event = new Event(this, *(pre_event_buffer[pre_index].timestamp), cause, noteSetMap); } else { @@ -1569,7 +1577,7 @@ bool Monitor::Analyse() { else pre_index = ((index + image_buffer_count) - pre_event_count)%image_buffer_count; - Debug(4,"Resulting pre_index(%d) from index(%d) + image_buffer_count(%d) - pre_event_count(%d)", + Debug(3, "Resulting pre_index(%d) from index(%d) + image_buffer_count(%d) - pre_event_count(%d)", pre_index, index, image_buffer_count, pre_event_count); // Seek forward the next filled slot in to the buffer (oldest data) From 0ab4f9fce08734cd1b3037e913286dfee78ea991 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 21:49:43 -0400 Subject: [PATCH 254/360] More debugging in packetqueue. --- src/zm_packetqueue.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index f86314113..7668935f0 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -227,7 +227,8 @@ void zm_packetqueue::clear_unwanted_packets( std::list::reverse_iterator it; // Step 1 - find frame <= recording_started. - Debug(3, "Looking for frame before start recording stream id (%d)", mVideoStreamId); + Debug(3, "Looking for frame before start recording stream id (%d), queue has %d packets", + mVideoStreamId, pktQueue.size()); for ( it = pktQueue.rbegin(); it != pktQueue.rend(); ++ it ) { ZMPacket *zm_packet = *it; AVPacket *av_packet = &(zm_packet->packet); @@ -242,6 +243,10 @@ void zm_packetqueue::clear_unwanted_packets( zm_packet->timestamp.tv_usec); break; } + Debug(3, "Not Found frame before start with stream index %d at %d.%d", + av_packet->stream_index, + zm_packet->timestamp.tv_sec, + zm_packet->timestamp.tv_usec); } if ( it == pktQueue.rend() ) { From d972ab60060570a47378c527f4a755a5b599d6da Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 27 Jun 2019 21:50:12 -0400 Subject: [PATCH 255/360] add min_section_length test to alarmed events that go unalarmed --- src/zm_monitor.cpp | 5 ++++- web/skins/classic/css/base/skin.css | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index eba3ca7e9..fda0f5709 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1632,7 +1632,10 @@ bool Monitor::Analyse() { Info("%s: %03d - Gone into alert state", name, image_count); shared_data->state = state = ALERT; } else if ( state == ALERT ) { - if ( image_count-last_alarm_count > post_event_count ) { + if ( + ( image_count-last_alarm_count > post_event_count ) + && ( ( timestamp->tv_sec - video_store_data->recording.tv_sec ) >= min_section_length ) + ) { Info("%s: %03d - Left alarm state (%" PRIu64 ") - %d(%d) images", name, image_count, event->Id(), event->Frames(), event->AlarmFrames()); //if ( function != MOCORD || event_close_mode == CLOSE_ALARM || event->Cause() == SIGNAL_CAUSE ) diff --git a/web/skins/classic/css/base/skin.css b/web/skins/classic/css/base/skin.css index 1dfd6ea90..cd0eaebc3 100644 --- a/web/skins/classic/css/base/skin.css +++ b/web/skins/classic/css/base/skin.css @@ -637,6 +637,7 @@ color:#ffa801; .container-fluid { position: relative; + padding-bottom: 10px; } .sidebar { From 1161c251fc7dfd4691ad8bc10358779d3c009500 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 28 Jun 2019 10:28:53 -0400 Subject: [PATCH 256/360] Add a warning when the monitor is not capturing in live view --- web/skins/classic/views/watch.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 902baaa1c..bef9acd61 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -77,6 +77,11 @@ if ( canView('Control') && $monitor->Type() == 'Local' ) {
+Status() != 'Capturing' ) { + echo '
Monitor is not capturing. We will be unable to provide an image
'; +} +?>
$scale) ); ?>
Type() != 'WebSite' ) { ?> From 6231c64a7a253dac034fb85d27fa5167d0816586 Mon Sep 17 00:00:00 2001 From: CanOfSpam3 Date: Mon, 1 Jul 2019 18:06:10 -0400 Subject: [PATCH 257/360] simplify rtfm step (#2650) save everyone some cruft and time --- docs/installationguide/debian.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/installationguide/debian.rst b/docs/installationguide/debian.rst index a6a27aa19..1c85e704c 100644 --- a/docs/installationguide/debian.rst +++ b/docs/installationguide/debian.rst @@ -82,8 +82,7 @@ a read. :: - gunzip /usr/share/doc/zoneminder/README.Debian.gz - cat /usr/share/doc/zoneminder/README.Debian + zcat /usr/share/doc/zoneminder/README.Debian.gz **Step 7:** Enable ZoneMinder service @@ -209,8 +208,7 @@ a read. :: - gunzip /usr/share/doc/zoneminder/README.Debian.gz - cat /usr/share/doc/zoneminder/README.Debian + zcat /usr/share/doc/zoneminder/README.Debian.gz **Step 7:** Setup Database From 2dc60196c5ddb6cb2874c16a291478d0102bdb97 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 2 Jul 2019 11:14:24 -0400 Subject: [PATCH 258/360] Code cleanup and cpplint --- src/zm_ffmpeg_camera.cpp | 450 +++++++++++++++++++++------------------ 1 file changed, 237 insertions(+), 213 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 5e403b468..9cf2d93ef 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -1,21 +1,21 @@ // -// ZoneMinder Ffmpeg Camera Class Implementation, $Date: 2009-01-16 12:18:50 +0000 (Fri, 16 Jan 2009) $, $Revision: 2713 $ +// ZoneMinder Ffmpeg Camera Class Implementation // Copyright (C) 2001-2008 Philip Coombes -// +// // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. -// +// // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -// +// // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// +// #include "zm.h" #include "zm_signal.h" @@ -27,7 +27,7 @@ extern "C" { #include "libavutil/time.h" #if HAVE_LIBAVUTIL_HWCONTEXT_H - #include "libavutil/hwcontext.h" + #include "libavutil/hwcontext.h" #endif } #ifndef AV_ERROR_MAX_STRING_SIZE @@ -39,6 +39,7 @@ extern "C" { #include #include #endif +#include #if HAVE_LIBAVUTIL_HWCONTEXT_H @@ -54,9 +55,11 @@ static enum AVPixelFormat get_hw_format( return *p; } - Error("Failed to get HW surface format for %s.", av_get_pix_fmt_name(hw_pix_fmt)); + Error("Failed to get HW surface format for %s.", + av_get_pix_fmt_name(hw_pix_fmt)); for ( p = pix_fmts; *p != -1; p++ ) - Error("Available HW surface format was %s.", av_get_pix_fmt_name(*p)); + Error("Available HW surface format was %s.", + av_get_pix_fmt_name(*p)); return AV_PIX_FMT_NONE; } @@ -106,8 +109,7 @@ FfmpegCamera::FfmpegCamera( bool p_capture, bool p_record_audio, const std::string &p_hwaccel_name, - const std::string &p_hwaccel_device - ) : + const std::string &p_hwaccel_device) : Camera( p_id, FFMPEG_SRC, @@ -154,10 +156,11 @@ FfmpegCamera::FfmpegCamera( hw_pix_fmt = AV_PIX_FMT_NONE; #endif -#if HAVE_LIBSWSCALE +#if HAVE_LIBSWSCALE mConvertContext = NULL; #endif - /* Has to be located inside the constructor so other components such as zma will receive correct colours and subpixel order */ + /* Has to be located inside the constructor so other components such as zma + * will receive correct colours and subpixel order */ if ( colours == ZM_COLOUR_RGB32 ) { subpixelorder = ZM_SUBPIX_ORDER_RGBA; imagePixFormat = AV_PIX_FMT_RGBA; @@ -170,10 +173,9 @@ FfmpegCamera::FfmpegCamera( } else { Panic("Unexpected colours: %d", colours); } -} // FfmpegCamera::FfmpegCamera +} // FfmpegCamera::FfmpegCamera FfmpegCamera::~FfmpegCamera() { - Close(); if ( capture ) { @@ -203,7 +205,7 @@ int FfmpegCamera::PrimeCapture() { int FfmpegCamera::PreCapture() { // If Reopen was called, then ffmpeg is closed and we need to reopen it. - if ( ! mCanCapture ) + if ( !mCanCapture ) return OpenFfmpeg(); // Nothing to do here return 0; @@ -215,15 +217,20 @@ int FfmpegCamera::Capture(Image &image) { } int ret; - // If the reopen thread has a value, but mCanCapture != 0, then we have just reopened the connection to the ffmpeg device, and we can clean up the thread. + // If the reopen thread has a value, but mCanCapture != 0, then we have just + // reopened the connection to the device, and we can clean up the thread. int frameComplete = false; - while ( !frameComplete && !zm_terminate) { + while ( !frameComplete && !zm_terminate ) { ret = av_read_frame(mFormatContext, &packet); if ( ret < 0 ) { if ( // Check if EOF. - (ret == AVERROR_EOF || (mFormatContext->pb && mFormatContext->pb->eof_reached)) || + ( + ret == AVERROR_EOF + || + (mFormatContext->pb && mFormatContext->pb->eof_reached) + ) || // Check for Connection failure. (ret == -110) ) { @@ -244,7 +251,11 @@ int FfmpegCamera::Capture(Image &image) { Debug(5, "Got packet from stream %d dts (%d) pts(%d)", packet.stream_index, packet.pts, packet.dts); // What about audio stream? Maybe someday we could do sound detection... - if ( ( packet.stream_index == mVideoStreamId ) && ( keyframe || have_video_keyframe ) ) { + if ( + (packet.stream_index == mVideoStreamId) + && + (keyframe || have_video_keyframe) + ) { ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); if ( ret < 0 ) { Error("Unable to get frame at frame %d: %s, continuing", @@ -264,11 +275,11 @@ int FfmpegCamera::Capture(Image &image) { frameCount++; } else { Debug(4, "Different stream_index %d", packet.stream_index); - } // end if packet.stream_index == mVideoStreamId + } // end if packet.stream_index == mVideoStreamId zm_av_packet_unref(&packet); - } // end while ! frameComplete + } // end while ! frameComplete return frameComplete ? 1 : 0; -} // FfmpegCamera::Capture +} // FfmpegCamera::Capture int FfmpegCamera::PostCapture() { // Nothing to do here @@ -276,7 +287,6 @@ int FfmpegCamera::PostCapture() { } int FfmpegCamera::OpenFfmpeg() { - int ret; have_video_keyframe = false; @@ -290,7 +300,7 @@ int FfmpegCamera::OpenFfmpeg() { AVDictionary *opts = 0; ret = av_dict_parse_string(&opts, Options().c_str(), "=", ",", 0); if ( ret < 0 ) { - Warning("Could not parse ffmpeg input options list '%s'\n", Options().c_str()); + Warning("Could not parse ffmpeg input options '%s'", Options().c_str()); } // Set transport method as specified by method field, rtpUni is default @@ -306,7 +316,7 @@ int FfmpegCamera::OpenFfmpeg() { } else { Warning("Unknown method (%s)", method.c_str()); } -//#av_dict_set(&opts, "timeout", "10000000", 0); // in microseconds. + // #av_dict_set(&opts, "timeout", "10000000", 0); // in microseconds. if ( ret < 0 ) { Warning("Could not set rtsp_transport method '%s'", method.c_str()); @@ -314,11 +324,11 @@ int FfmpegCamera::OpenFfmpeg() { Debug(1, "Calling avformat_open_input for %s", mPath.c_str()); - mFormatContext = avformat_alloc_context( ); + mFormatContext = avformat_alloc_context(); // Speed up find_stream_info - //FIXME can speed up initial analysis but need sensible parameters... - //mFormatContext->probesize = 32; - //mFormatContext->max_analyze_duration = 32; + // FIXME can speed up initial analysis but need sensible parameters... + // mFormatContext->probesize = 32; + // mFormatContext->max_analyze_duration = 32; mFormatContext->interrupt_callback.callback = FfmpegInterruptCallback; mFormatContext->interrupt_callback.opaque = this; @@ -326,7 +336,8 @@ int FfmpegCamera::OpenFfmpeg() { if ( ret != 0 ) #endif { - Error("Unable to open input %s due to: %s", mPath.c_str(), strerror(ret)); + Error("Unable to open input %s due to: %s", mPath.c_str(), + av_make_error_string(ret).c_str()); #if !LIBAVFORMAT_VERSION_CHECK(53, 17, 0, 25, 0) av_close_input_file(mFormatContext); #else @@ -339,7 +350,7 @@ int FfmpegCamera::OpenFfmpeg() { return -1; } - AVDictionaryEntry *e=NULL; + AVDictionaryEntry *e = NULL; while ( (e = av_dict_get(opts, "", e, AV_DICT_IGNORE_SUFFIX)) != NULL ) { Warning("Option %s not recognized by ffmpeg", e->key); } @@ -348,94 +359,76 @@ int FfmpegCamera::OpenFfmpeg() { Info("Stream open %s, parsing streams...", mPath.c_str()); #if !LIBAVFORMAT_VERSION_CHECK(53, 6, 0, 6, 0) - Debug(4, "Calling av_find_stream_info"); - if ( av_find_stream_info(mFormatContext) < 0 ) + ret = av_find_stream_info(mFormatContext); #else - Debug(4, "Calling avformat_find_stream_info"); - if ( avformat_find_stream_info(mFormatContext, 0) < 0 ) + ret = avformat_find_stream_info(mFormatContext, 0); #endif - { - Error("Unable to find stream info from %s due to: %s", mPath.c_str(), strerror(errno)); + if ( ret < 0 ) { + Error("Unable to find stream info from %s due to: %s", mPath.c_str(), + av_make_error_string(ret).c_str()); return -1; } - Debug(4, "Got stream info"); - // Find first video stream present // The one we want Might not be the first mVideoStreamId = -1; mAudioStreamId = -1; for ( unsigned int i=0; i < mFormatContext->nb_streams; i++ ) { -#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - if ( mFormatContext->streams[i]->codecpar->codec_type == AVMEDIA_TYPE_VIDEO ) { -#else -#if (LIBAVCODEC_VERSION_CHECK(52, 64, 0, 64, 0) || LIBAVUTIL_VERSION_CHECK(50, 14, 0, 14, 0)) - if ( mFormatContext->streams[i]->codec->codec_type == AVMEDIA_TYPE_VIDEO ) { -#else - if ( mFormatContext->streams[i]->codec->codec_type == CODEC_TYPE_VIDEO ) { -#endif -#endif + AVStream *stream = mFormatContext->streams[i]; + if ( is_video_stream(stream) ) { if ( mVideoStreamId == -1 ) { mVideoStreamId = i; // if we break, then we won't find the audio stream continue; } else { - Debug(2, "Have another video stream." ); + Debug(2, "Have another video stream."); } - } -#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - if ( mFormatContext->streams[i]->codecpar->codec_type == AVMEDIA_TYPE_AUDIO ) { -#else -#if (LIBAVCODEC_VERSION_CHECK(52, 64, 0, 64, 0) || LIBAVUTIL_VERSION_CHECK(50, 14, 0, 14, 0)) - if ( mFormatContext->streams[i]->codec->codec_type == AVMEDIA_TYPE_AUDIO ) { -#else - if ( mFormatContext->streams[i]->codec->codec_type == CODEC_TYPE_AUDIO ) { -#endif -#endif + } else if ( is_audio_stream(stream) ) { if ( mAudioStreamId == -1 ) { mAudioStreamId = i; } else { - Debug(2, "Have another audio stream." ); + Debug(2, "Have another audio stream."); } } - } // end foreach stream + } // end foreach stream if ( mVideoStreamId == -1 ) Fatal("Unable to locate video stream in %s", mPath.c_str()); - if ( mAudioStreamId == -1 ) - Debug(3, "Unable to locate audio stream in %s", mPath.c_str()); - Debug(3, "Found video stream at index %d", mVideoStreamId); - Debug(3, "Found audio stream at index %d", mAudioStreamId); - packetqueue = new zm_packetqueue( mVideoStreamId > mAudioStreamId ? mVideoStreamId : mAudioStreamId ); + Debug(3, "Found video stream at index %d, audio stream at index %d", + mVideoStreamId, mAudioStreamId); + packetqueue = new zm_packetqueue( + (mVideoStreamId > mAudioStreamId) ? mVideoStreamId : mAudioStreamId); #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - //mVideoCodecContext = avcodec_alloc_context3(NULL); - //avcodec_parameters_to_context( mVideoCodecContext, mFormatContext->streams[mVideoStreamId]->codecpar ); + // mVideoCodecContext = avcodec_alloc_context3(NULL); + // avcodec_parameters_to_context(mVideoCodecContext, + // mFormatContext->streams[mVideoStreamId]->codecpar); // this isn't copied. - //mVideoCodecContext->time_base = mFormatContext->streams[mVideoStreamId]->codec->time_base; + // mVideoCodecContext->time_base = + // mFormatContext->streams[mVideoStreamId]->codec->time_base; #else #endif mVideoCodecContext = mFormatContext->streams[mVideoStreamId]->codec; - // STolen from ispy - //this fixes issues with rtsp streams!! woot. - //mVideoCodecContext->flags2 |= CODEC_FLAG2_FAST | CODEC_FLAG2_CHUNKS | CODEC_FLAG_LOW_DELAY; // Enable faster H264 decode. #ifdef CODEC_FLAG2_FAST - mVideoCodecContext->flags2 |= CODEC_FLAG2_FAST | CODEC_FLAG_LOW_DELAY; + mVideoCodecContext->flags2 |= CODEC_FLAG2_FAST | CODEC_FLAG_LOW_DELAY; #endif if ( mVideoCodecContext->codec_id == AV_CODEC_ID_H264 ) { if ( (mVideoCodec = avcodec_find_decoder_by_name("h264_mmal")) == NULL ) { - Debug(1, "Failed to find decoder (h264_mmal)" ); + Debug(1, "Failed to find decoder (h264_mmal)"); } else { - Debug(1, "Success finding decoder (h264_mmal)" ); + Debug(1, "Success finding decoder (h264_mmal)"); } } - if ( (!mVideoCodec) and ( (mVideoCodec = avcodec_find_decoder(mVideoCodecContext->codec_id)) == NULL ) ) { - // Try and get the codec from the codec context - Error("Can't find codec for video stream from %s", mPath.c_str()); - return -1; - } + if ( !mVideoCodec ) { + mVideoCodec = avcodec_find_decoder(mVideoCodecContext->codec_id); + if ( !mVideoCodec ) { + // Try and get the codec from the codec context + Error("Can't find codec for video stream from %s", mPath.c_str()); + return -1; + } + } Debug(1, "Video Found decoder %s", mVideoCodec->name); zm_dump_stream_format(mFormatContext, mVideoStreamId, 0, 0); @@ -464,23 +457,27 @@ int FfmpegCamera::OpenFfmpeg() { mVideoCodec->name, av_hwdevice_get_type_name(type)); return -1; } - if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX ) - && (config->device_type == type) + if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX) + && (config->device_type == type) ) { hw_pix_fmt = config->pix_fmt; break; } - } // end foreach hwconfig -#else + } // end foreach hwconfig +#else hw_pix_fmt = find_fmt_by_hw_type(type); #endif -Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt)); +Debug(1, "Selected gw_pix_fmt %d %s", + hw_pix_fmt, + av_get_pix_fmt_name(hw_pix_fmt)); mVideoCodecContext->get_format = get_hw_format; - Debug(1, "Creating hwdevice for %s", (hwaccel_device != "" ? hwaccel_device.c_str() : "")); - if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, - (hwaccel_device != "" ? hwaccel_device.c_str(): NULL), NULL, 0)) < 0) { + Debug(1, "Creating hwdevice for %s", + (hwaccel_device != "" ? hwaccel_device.c_str() : "")); + ret = av_hwdevice_ctx_create(&hw_device_ctx, type, + (hwaccel_device != "" ? hwaccel_device.c_str(): NULL), NULL, 0); + if ( ret < 0 ) { Error("Failed to create specified HW device."); return -1; } @@ -488,10 +485,10 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); hwaccel = true; hwFrame = zm_av_frame_alloc(); -#else +#else Warning("HWAccel support not compiled in."); #endif - } // end if hwacel_name + } // end if hwacel_name // Open the codec #if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) @@ -501,7 +498,7 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt #endif e = NULL; while ( (e = av_dict_get(opts, "", e, AV_DICT_IGNORE_SUFFIX)) != NULL ) { - Warning( "Option %s not recognized by ffmpeg", e->key); + Warning("Option %s not recognized by ffmpeg", e->key); } if ( ret < 0 ) { Error("Unable to open codec for video stream from %s", mPath.c_str()); @@ -528,28 +525,28 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt } else { #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) mAudioCodecContext = avcodec_alloc_context3(mAudioCodec); - avcodec_parameters_to_context( mAudioCodecContext, mFormatContext->streams[mAudioStreamId]->codecpar ); + avcodec_parameters_to_context( + mAudioCodecContext, + mFormatContext->streams[mAudioStreamId]->codecpar + ); #else mAudioCodecContext = mFormatContext->streams[mAudioStreamId]->codec; // = avcodec_alloc_context3(mAudioCodec); #endif - Debug(1, "Audio Found decoder"); zm_dump_stream_format(mFormatContext, mAudioStreamId, 0, 0); // Open the codec #if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) - Debug(1, "Calling avcodec_open"); if ( avcodec_open(mAudioCodecContext, mAudioCodec) < 0 ) { #else - Debug(1, "Calling avcodec_open2" ); if ( avcodec_open2(mAudioCodecContext, mAudioCodec, 0) < 0 ) { #endif - Error("Unable to open codec for audio stream from %s", mPath.c_str() ); + Error("Unable to open codec for audio stream from %s", mPath.c_str()); return -1; } zm_dump_codec(mAudioCodecContext); - } // end if find decoder - } // end if have audio_context + } // end if find decoder + } // end if have audio_context // Allocate space for the native video frame mRawFrame = zm_av_frame_alloc(); @@ -562,23 +559,18 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt return -1; } - Debug( 3, "Allocated frames"); - #if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) - int pSize = av_image_get_buffer_size( imagePixFormat, width, height,1 ); + int pSize = av_image_get_buffer_size(imagePixFormat, width, height, 1); #else - int pSize = avpicture_get_size( imagePixFormat, width, height ); + int pSize = avpicture_get_size(imagePixFormat, width, height); #endif if ( (unsigned int)pSize != imagesize ) { - Error("Image size mismatch. Required: %d Available: %d",pSize,imagesize); + Error("Image size mismatch. Required: %d Available: %d", pSize, imagesize); return -1; } - Debug(4, "Validated imagesize"); - #if HAVE_LIBSWSCALE - Debug(1, "Calling sws_isSupportedInput"); if ( !sws_isSupportedInput(mVideoCodecContext->pix_fmt) ) { Error("swscale does not support the codec format: %c%c%c%c", (mVideoCodecContext->pix_fmt)&0xff, @@ -600,7 +592,7 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt } # if 0 - // Have to get a frame first to find out the actual format returned by decoding + // Must get a frame first to find out the actual format returned by decoding mConvertContext = sws_getContext( mVideoCodecContext->width, mVideoCodecContext->height, @@ -609,13 +601,14 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt imagePixFormat, SWS_BICUBIC, NULL, NULL, NULL); if ( mConvertContext == NULL ) { - Error( "Unable to create conversion context for %s", mPath.c_str() ); + Error("Unable to create conversion context for %s", mPath.c_str()); return -1; } #endif -#else // HAVE_LIBSWSCALE - Fatal("You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras"); -#endif // HAVE_LIBSWSCALE +#else // HAVE_LIBSWSCALE + Fatal("You must compile ffmpeg with the --enable-swscale " + "option to use ffmpeg cameras"); +#endif // HAVE_LIBSWSCALE if ( ((unsigned int)mVideoCodecContext->width != width) @@ -623,17 +616,15 @@ Debug(1, "Selected gw_pix_fmt %d %s", hw_pix_fmt, av_get_pix_fmt_name(hw_pix_fmt ((unsigned int)mVideoCodecContext->height != height) ) { Warning("Monitor dimensions are %dx%d but camera is sending %dx%d", - width, height, mVideoCodecContext->width, mVideoCodecContext->height - ); + width, height, mVideoCodecContext->width, mVideoCodecContext->height); } mCanCapture = true; return 0; -} // int FfmpegCamera::OpenFfmpeg() +} // int FfmpegCamera::OpenFfmpeg() int FfmpegCamera::Close() { - Debug(2, "CloseFfmpeg called."); mCanCapture = false; @@ -661,18 +652,17 @@ int FfmpegCamera::Close() { if ( mVideoCodecContext ) { avcodec_close(mVideoCodecContext); - Debug(1,"After codec close"); #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - //avcodec_free_context(&mVideoCodecContext); + // avcodec_free_context(&mVideoCodecContext); #endif - mVideoCodecContext = NULL; // Freed by av_close_input_file + mVideoCodecContext = NULL; // Freed by av_close_input_file } if ( mAudioCodecContext ) { avcodec_close(mAudioCodecContext); #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) avcodec_free_context(&mAudioCodecContext); #endif - mAudioCodecContext = NULL; // Freed by av_close_input_file + mAudioCodecContext = NULL; // Freed by av_close_input_file } if ( mFormatContext ) { @@ -690,15 +680,19 @@ int FfmpegCamera::Close() { } return 0; -} // end FfmpegCamera::Close +} // end FfmpegCamera::Close -//Function to handle capture and store -int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event_file ) { +// Function to handle capture and store +int FfmpegCamera::CaptureAndRecord( + Image &image, + timeval recording, + char* event_file + ) { if ( !mCanCapture ) { return -1; } int ret; - + int frameComplete = false; while ( !frameComplete ) { av_init_packet(&packet); @@ -707,7 +701,10 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( ret < 0 ) { if ( // Check if EOF. - (ret == AVERROR_EOF || (mFormatContext->pb && mFormatContext->pb->eof_reached)) || + ( + (ret == AVERROR_EOF) || + (mFormatContext->pb && mFormatContext->pb->eof_reached) + ) || // Check for Connection failure. (ret == -110) ) { @@ -721,9 +718,14 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } if ( (packet.pts != AV_NOPTS_VALUE) && (packet.pts < -100000) ) { - // Ignore packets that have crazy negative pts. They aren't supposed to happen. - Warning("Ignore packet because pts %" PRId64 " is massively negative. Error count is %d", packet.pts, error_count); - dumpPacket(mFormatContext->streams[packet.stream_index], &packet,"Ignored packet"); + // Ignore packets that have crazy negative pts. + // They aren't supposed to happen. + Warning("Ignore packet because pts %" PRId64 " is massively negative." + " Error count is %d", packet.pts, error_count); + dumpPacket( + mFormatContext->streams[packet.stream_index], + &packet, + "Ignored packet"); if ( error_count > 100 ) { Error("Bad packet count over 100, going to close and re-open stream"); return -1; @@ -736,14 +738,16 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event int keyframe = packet.flags & AV_PKT_FLAG_KEY; bytes += packet.size; - dumpPacket(mFormatContext->streams[packet.stream_index], &packet, "Captured Packet"); + dumpPacket( + mFormatContext->streams[packet.stream_index], + &packet, + "Captured Packet"); if ( packet.dts == AV_NOPTS_VALUE ) { packet.dts = packet.pts; } // Video recording if ( recording.tv_sec ) { - uint32_t last_event_id = monitor->GetLastEventId(); uint32_t video_writer_event_id = monitor->GetVideoWriterEventId(); @@ -754,26 +758,27 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( videoStore ) { Info("Re-starting video storage module"); - // I don't know if this is important or not... but I figure we might as well write this last packet out to the store before closing it. + // I don't know if this is important or not... but I figure we might + // as well write this last packet out to the store before closing it. // Also don't know how much it matters for audio. if ( packet.stream_index == mVideoStreamId ) { - //Write the packet to our video store + // Write the packet to our video store int ret = videoStore->writeVideoFramePacket(&packet); - if ( ret < 0 ) { //Less than zero and we skipped a frame + if ( ret < 0 ) { // Less than zero and we skipped a frame Warning("Error writing last packet to videostore."); } - } // end if video + } // end if video delete videoStore; videoStore = NULL; have_video_keyframe = false; monitor->SetVideoWriterEventId(0); - } // end if videoStore - } // end if end of recording + } // end if videoStore + } // end if end of recording - if ( last_event_id and !videoStore ) { - //Instantiate the video storage module + if ( last_event_id && !videoStore ) { + // Instantiate the video storage module packetqueue->dumpQueue(); if ( record_audio ) { @@ -799,9 +804,9 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event mFormatContext->streams[mVideoStreamId], NULL, this->getMonitor()); - } // end if record_audio + } // end if record_audio - if ( ! videoStore->open() ) { + if ( !videoStore->open() ) { delete videoStore; videoStore = NULL; @@ -809,60 +814,72 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event monitor->SetVideoWriterEventId(last_event_id); // Need to write out all the frames from the last keyframe? - // No... need to write out all frames from when the event began. Due to PreEventFrames, this could be more than since the last keyframe. + // No... need to write out all frames from when the event began. + // Due to PreEventFrames, this could be more than + // since the last keyframe. unsigned int packet_count = 0; ZMPacket *queued_packet; // Clear all packets that predate the moment when the recording began - packetqueue->clear_unwanted_packets(&recording, monitor->GetPreEventCount(), mVideoStreamId); + packetqueue->clear_unwanted_packets( + &recording, monitor->GetPreEventCount(), mVideoStreamId); - while ( ( queued_packet = packetqueue->popPacket() ) ) { + while ( (queued_packet = packetqueue->popPacket()) ) { AVPacket *avp = queued_packet->av_packet(); packet_count += 1; - //Write the packet to our video store + // Write the packet to our video store Debug(2, "Writing queued packet stream: %d KEY %d, remaining (%d)", - avp->stream_index, avp->flags & AV_PKT_FLAG_KEY, packetqueue->size()); + avp->stream_index, + avp->flags & AV_PKT_FLAG_KEY, + packetqueue->size()); if ( avp->stream_index == mVideoStreamId ) { ret = videoStore->writeVideoFramePacket(avp); have_video_keyframe = true; } else if ( avp->stream_index == mAudioStreamId ) { ret = videoStore->writeAudioFramePacket(avp); } else { - Warning("Unknown stream id in queued packet (%d)", avp->stream_index); + Warning("Unknown stream id in queued packet (%d)", + avp->stream_index); ret = -1; } if ( ret < 0 ) { // Less than zero and we skipped a frame } delete queued_packet; - } // end while packets in the packetqueue + } // end while packets in the packetqueue Debug(2, "Wrote %d queued packets", packet_count); } - } // end if ! was recording + } // end if ! was recording } else { // Not recording - + if ( videoStore ) { - Debug(1,"Deleting videoStore instance"); + Debug(1, "Deleting videoStore instance"); delete videoStore; videoStore = NULL; have_video_keyframe = false; monitor->SetVideoWriterEventId(0); } - } // end if recording or not + } // end if recording or not // Buffer video packets, since we are not recording. // All audio packets are keyframes, so only if it's a video keyframe if ( packet.stream_index == mVideoStreamId ) { if ( keyframe ) { Debug(3, "Clearing queue"); - if ( packetqueue->packet_count(mVideoStreamId) >= monitor->GetImageBufferCount() ) { - Warning("ImageBufferCount %d is too small. Needs to be at least %d. Either increase it or decrease time between keyframes", + if ( + packetqueue->packet_count(mVideoStreamId) + >= + monitor->GetImageBufferCount() + ) { + Warning( + "ImageBufferCount %d is too small. " + "Needs to be at least %d. " + "Either increase it or decrease time between keyframes", monitor->GetImageBufferCount(), - packetqueue->packet_count(mVideoStreamId)+1 - ); + packetqueue->packet_count(mVideoStreamId)+1); } packetqueue->clearQueue(monitor->GetPreEventCount(), mVideoStreamId); @@ -870,36 +887,29 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } else if ( packetqueue->size() ) { // it's a keyframe or we already have something in the queue packetqueue->queuePacket(&packet); - } + } } else if ( packet.stream_index == mAudioStreamId ) { - // The following lines should ensure that the queue always begins with a video keyframe -//Debug(2, "Have audio packet, reocrd_audio is (%d) and packetqueue.size is (%d)", record_audio, packetqueue.size() ); - if ( record_audio && packetqueue->size() ) { - // if it's audio, and we are doing audio, and there is already something in the queue + // Ensure that the queue always begins with a video keyframe + if ( record_audio && packetqueue->size() ) { packetqueue->queuePacket(&packet); } - } // end if packet type + } // end if packet type if ( packet.stream_index == mVideoStreamId ) { - // only do decode if we have had a keyframe, should save a few cycles. - if ( have_video_keyframe || keyframe ) { - - if ( videoStore ) { - //Write the packet to our video store - int ret = videoStore->writeVideoFramePacket(&packet); - if ( ret < 0 ) { //Less than zero and we skipped a frame - zm_av_packet_unref(&packet); - return 0; - } + if ( (have_video_keyframe || keyframe) && videoStore ) { + int ret = videoStore->writeVideoFramePacket(&packet); + if ( ret < 0 ) { + // Less than zero and we skipped a frame + Error("Unable to write video packet %d: %s", + frameCount, av_make_error_string(ret).c_str()); + } else { have_video_keyframe = true; } - } // end if keyframe or have_video_keyframe - - Debug(4, "about to decode video"); + } // end if keyframe or have_video_keyframe ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); if ( ret < 0 ) { - Warning("Unable to receive frame %d: %s, continuing. error count is %d", + Warning("Unable to receive frame %d: %s. error count is %d", frameCount, av_make_error_string(ret).c_str(), error_count); error_count += 1; if ( error_count > 100 ) { @@ -909,10 +919,14 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event zm_av_packet_unref(&packet); continue; } - if ( error_count > 0 ) error_count --; + if ( error_count > 0 ) error_count--; zm_dump_video_frame(mRawFrame); #if HAVE_LIBAVUTIL_HWCONTEXT_H - if ( (hw_pix_fmt != AV_PIX_FMT_NONE) && (mRawFrame->format == hw_pix_fmt) ) { + if ( + (hw_pix_fmt != AV_PIX_FMT_NONE) + && + (mRawFrame->format == hw_pix_fmt) + ) { /* retrieve data from GPU to CPU */ ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); if ( ret < 0 ) { @@ -920,7 +934,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event frameCount, av_make_error_string(ret).c_str()); zm_av_packet_unref(&packet); continue; - } + } zm_dump_video_frame(hwFrame, "After hwtransfer"); hwFrame->pts = mRawFrame->pts; @@ -940,23 +954,23 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event frameComplete = 1; frameCount++; - } else if ( packet.stream_index == mAudioStreamId ) { //FIXME best way to copy all other streams + } else if ( packet.stream_index == mAudioStreamId ) { + // FIXME best way to copy all other streams frameComplete = 1; if ( videoStore ) { if ( record_audio ) { if ( have_video_keyframe ) { - Debug(3, "Recording audio packet streamindex(%d) packetstreamindex(%d)", - mAudioStreamId, packet.stream_index); - //Write the packet to our video store - //FIXME no relevance of last key frame - int ret = videoStore->writeAudioFramePacket(&packet); - if ( ret < 0 ) {//Less than zero and we skipped a frame - Warning("Failure to write audio packet."); - zm_av_packet_unref(&packet); - return 0; - } + // Write the packet to our video store + // FIXME no relevance of last key frame + int ret = videoStore->writeAudioFramePacket(&packet); + if ( ret < 0 ) { + // Less than zero and we skipped a frame + Warning("Failure to write audio packet."); + zm_av_packet_unref(&packet); + return 0; + } } else { - Debug(3, "Not recording audio yet because we don't have a video keyframe yet"); + Debug(3, "Not recording audio because no video keyframe"); } } else { Debug(4, "Not doing recording of audio packet"); @@ -970,20 +984,27 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event #if LIBAVUTIL_VERSION_CHECK(56, 23, 0, 23, 0) Debug(3, "Some other stream index %d, %s", packet.stream_index, - av_get_media_type_string(mFormatContext->streams[packet.stream_index]->codecpar->codec_type) + av_get_media_type_string( + mFormatContext->streams[packet.stream_index]->codecpar->codec_type) ); #else Debug(3, "Some other stream index %d", packet.stream_index); #endif - } // end if is video or audio or something else - - // the packet contents are ref counted... when queuing, we allocate another packet and reference it with that one, so we should always need to unref here, which should not affect the queued version. - zm_av_packet_unref(&packet); - } // end while ! frameComplete - return frameCount; -} // end FfmpegCamera::CaptureAndRecord + } // end if is video or audio or something else -int FfmpegCamera::transfer_to_image(Image &image, AVFrame *output_frame, AVFrame *input_frame) { + // the packet contents are ref counted... when queuing, we allocate another + // packet and reference it with that one, so we should always need to unref + // here, which should not affect the queued version. + zm_av_packet_unref(&packet); + } // end while ! frameComplete + return frameCount; +} // end FfmpegCamera::CaptureAndRecord + +int FfmpegCamera::transfer_to_image( + Image &image, + AVFrame *output_frame, + AVFrame *input_frame + ) { uint8_t* directbuffer; /* Request a writeable buffer of the target image */ @@ -1010,33 +1031,36 @@ int FfmpegCamera::transfer_to_image(Image &image, AVFrame *output_frame, AVFrame NULL, NULL); if ( mConvertContext == NULL ) { Error("Unable to create conversion context for %s from %s to %s", - mPath.c_str(), - av_get_pix_fmt_name((AVPixelFormat)input_frame->format), - av_get_pix_fmt_name(imagePixFormat) - ); - return -1; + mPath.c_str(), + av_get_pix_fmt_name((AVPixelFormat)input_frame->format), + av_get_pix_fmt_name(imagePixFormat) + ); + return -1; } } - if ( sws_scale(mConvertContext, input_frame->data, input_frame->linesize, - 0, mVideoCodecContext->height, output_frame->data, output_frame->linesize) <= 0 ) { - Error("Unable to convert raw format %u to target format %u at frame %d codec %u ", + if ( sws_scale( + mConvertContext, input_frame->data, input_frame->linesize, + 0, mVideoCodecContext->height, + output_frame->data, output_frame->linesize) <= 0 ) { + Error("Unable to convert format %u to format %u at frame %d codec %u", input_frame->format, imagePixFormat, frameCount, mVideoCodecContext->pix_fmt ); return -1; } -#else // HAVE_LIBSWSCALE - Fatal("You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras"); -#endif // HAVE_LIBSWSCALE +#else // HAVE_LIBSWSCALE + Fatal("You must compile ffmpeg with the --enable-swscale " + "option to use ffmpeg cameras"); +#endif // HAVE_LIBSWSCALE return 0; -} // end int FfmpegCamera::transfer_to_image(Image &i, AVFrame *output_frame, AVFrame input_frame) +} // end int FfmpegCamera::transfer_to_image int FfmpegCamera::FfmpegInterruptCallback(void *ctx) { - //FfmpegCamera* camera = reinterpret_cast(ctx); - //Debug(4, "FfmpegInterruptCallback"); + // FfmpegCamera* camera = reinterpret_cast(ctx); + // Debug(4, "FfmpegInterruptCallback"); return zm_terminate; } -#endif // HAVE_LIBAVFORMAT +#endif // HAVE_LIBAVFORMAT From 4e8ac4706016ccf6fb383c252c9874afc6be5aac Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 2 Jul 2019 11:58:22 -0400 Subject: [PATCH 259/360] Use the video_first_pts to set the audio_first_pts --- src/zm_videostore.cpp | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 90ddcc4c3..da9ec6a9c 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -890,12 +890,20 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { // Scale the PTS of the outgoing packet to be the correct time base if ( ipkt->pts != AV_NOPTS_VALUE ) { - // ffmpeg has a bug where it screws up the pts to massively negative. if ( (!video_first_pts) && (ipkt->pts >= 0) ) { // This is the first packet. opkt.pts = 0; Debug(2, "Starting video first_pts will become %" PRId64, ipkt->pts); video_first_pts = ipkt->pts; +#if 1 + // Since audio starts after the start of the video, need to set this here. + audio_first_pts = av_rescale_q( + ipkt->pts, + video_in_stream->time_base, + audio_in_stream->time_base + ); + Debug(2, "Starting audio first_pts will become %" PRId64, audio_first_pts); +#endif } else { opkt.pts = av_rescale_q( ipkt->pts - video_first_pts, @@ -923,6 +931,15 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { opkt.dts = 0; Debug(1, "Starting video first_dts will become (%" PRId64 ")", ipkt->dts); video_first_dts = ipkt->dts; +#if 1 + // Since audio starts after the start of the video, need to set this here. + audio_first_dts = av_rescale_q( + ipkt->dts, + video_in_stream->time_base, + audio_in_stream->time_base + ); + Debug(2, "Starting audio first dts will become %" PRId64, audio_first_dts); +#endif } else { opkt.dts = av_rescale_q( ipkt->dts - video_first_dts, @@ -1092,7 +1109,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { if ( !audio_first_pts ) { opkt.pts = 0; audio_first_pts = ipkt->pts; - Debug(1, "No video_first_pts"); + Debug(1, "No audio_first_pts"); } else { opkt.pts = av_rescale_q( ipkt->pts - audio_first_pts, From 5ea5bd9bdefd5293ce912923e85b592ba72d447c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 2 Jul 2019 12:26:33 -0400 Subject: [PATCH 260/360] Only do audio_first_pts if we have audio_in_stream --- src/zm_videostore.cpp | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index da9ec6a9c..bd4f47a2f 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -896,13 +896,15 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { Debug(2, "Starting video first_pts will become %" PRId64, ipkt->pts); video_first_pts = ipkt->pts; #if 1 - // Since audio starts after the start of the video, need to set this here. - audio_first_pts = av_rescale_q( - ipkt->pts, - video_in_stream->time_base, - audio_in_stream->time_base - ); - Debug(2, "Starting audio first_pts will become %" PRId64, audio_first_pts); + if ( audio_in_stream ) { + // Since audio starts after the start of the video, need to set this here. + audio_first_pts = av_rescale_q( + ipkt->pts, + video_in_stream->time_base, + audio_in_stream->time_base + ); + Debug(2, "Starting audio first_pts will become %" PRId64, audio_first_pts); + } #endif } else { opkt.pts = av_rescale_q( @@ -932,13 +934,15 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { Debug(1, "Starting video first_dts will become (%" PRId64 ")", ipkt->dts); video_first_dts = ipkt->dts; #if 1 - // Since audio starts after the start of the video, need to set this here. - audio_first_dts = av_rescale_q( - ipkt->dts, - video_in_stream->time_base, - audio_in_stream->time_base - ); - Debug(2, "Starting audio first dts will become %" PRId64, audio_first_dts); + if ( audio_in_stream ) { + // Since audio starts after the start of the video, need to set this here. + audio_first_dts = av_rescale_q( + ipkt->dts, + video_in_stream->time_base, + audio_in_stream->time_base + ); + Debug(2, "Starting audio first dts will become %" PRId64, audio_first_dts); + } #endif } else { opkt.dts = av_rescale_q( From a9579484b8700af47fd7dd9f0a1e55d6770b993f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 3 Jul 2019 09:49:53 -0400 Subject: [PATCH 261/360] gracefully handle failure to config hw pix fmt and debug a bit more --- src/zm_ffmpeg_camera.cpp | 42 +++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 9cf2d93ef..3399e4e80 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -455,36 +455,46 @@ int FfmpegCamera::OpenFfmpeg() { if ( !config ) { Debug(1, "Decoder %s does not support device type %s.", mVideoCodec->name, av_hwdevice_get_type_name(type)); - return -1; + break; } if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX) && (config->device_type == type) ) { hw_pix_fmt = config->pix_fmt; break; + } else { + Debug(1, "decoder %s hwConfig doesn't match our type: %s, pix_fmt %s.", + mVideoCodec->name, + av_hwdevice_get_type_name(config-device_type), + av_get_pix_fmt_name(config->pix_fmt); + ); } } // end foreach hwconfig #else hw_pix_fmt = find_fmt_by_hw_type(type); #endif -Debug(1, "Selected gw_pix_fmt %d %s", - hw_pix_fmt, - av_get_pix_fmt_name(hw_pix_fmt)); + if ( hw_pix_fmt != AV_PIX_FMT_NONE ) { + Debug(1, "Selected gw_pix_fmt %d %s", + hw_pix_fmt, + av_get_pix_fmt_name(hw_pix_fmt)); - mVideoCodecContext->get_format = get_hw_format; + mVideoCodecContext->get_format = get_hw_format; - Debug(1, "Creating hwdevice for %s", - (hwaccel_device != "" ? hwaccel_device.c_str() : "")); - ret = av_hwdevice_ctx_create(&hw_device_ctx, type, - (hwaccel_device != "" ? hwaccel_device.c_str(): NULL), NULL, 0); - if ( ret < 0 ) { - Error("Failed to create specified HW device."); - return -1; + Debug(1, "Creating hwdevice for %s", + (hwaccel_device != "" ? hwaccel_device.c_str() : "")); + ret = av_hwdevice_ctx_create(&hw_device_ctx, type, + (hwaccel_device != "" ? hwaccel_device.c_str(): NULL), NULL, 0); + if ( ret < 0 ) { + Error("Failed to create specified HW device."); + return -1; + } + Debug(1, "Created hwdevice"); + mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); + hwaccel = true; + hwFrame = zm_av_frame_alloc(); + } else { + Debug(1, "Failed to setup hwaccel."); } - Debug(1, "Created hwdevice"); - mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); - hwaccel = true; - hwFrame = zm_av_frame_alloc(); #else Warning("HWAccel support not compiled in."); #endif From 2470c09b20f82b05aa0515da1b0e5c44bef32523 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 3 Jul 2019 17:19:10 -0400 Subject: [PATCH 262/360] Honour thumbnail width when bringing up frames popup for frames and alarm frames --- web/skins/classic/views/events.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/events.php b/web/skins/classic/views/events.php index 703e67153..fc692169b 100644 --- a/web/skins/classic/views/events.php +++ b/web/skins/classic/views/events.php @@ -215,8 +215,12 @@ while ( $event_row = dbFetchNext($results) ) { ( $event->EndTime() ? ' until ' . strftime(STRF_FMT_DATETIME_SHORTER, strtotime($event->EndTime()) ) : '' ) ?>
- - + + From 5b896b5e5ca57fe9780e852d570a31c7a5b2ecfb Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 8 Jul 2019 14:16:57 -0400 Subject: [PATCH 273/360] Replace password('admin') with the resulting string because use of password is deprecated --- db/zm_create.sql.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index 261a4368c..d1952f66a 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -749,7 +749,7 @@ insert into Storage VALUES (NULL, '@ZM_DIR_EVENTS@', 'Default', 'local', NULL, N -- -- Create a default admin user. -- -insert into Users VALUES (NULL,'admin',password('admin'),'',1,'View','Edit','Edit','Edit','Edit','Edit','Edit','','',0,1); +insert into Users VALUES (NULL,'admin','$2b$12$NHZsm6AM2f2LQVROriz79ul3D6DnmFiZC.ZK5eqbF.ZWfwH9bqUJ6','',1,'View','Edit','Edit','Edit','Edit','Edit','Edit','','',0,1); -- -- Add a sample filter to purge the oldest 100 events when the disk is 95% full From df8c46f0f0a26ae8b7a574533d6822835b9e9230 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 8 Jul 2019 14:22:46 -0400 Subject: [PATCH 274/360] Fix #2657 --- web/skins/classic/views/report_event_audit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/report_event_audit.php b/web/skins/classic/views/report_event_audit.php index b378dc43d..f3f508623 100644 --- a/web/skins/classic/views/report_event_audit.php +++ b/web/skins/classic/views/report_event_audit.php @@ -218,7 +218,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) { '.count($FileMissing).'' : '0' ?> Date: Mon, 8 Jul 2019 14:27:49 -0400 Subject: [PATCH 275/360] Fix #2655 --- web/includes/Event.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/web/includes/Event.php b/web/includes/Event.php index 07460a7ec..1b996a839 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -580,6 +580,9 @@ class Event { if ( file_exists( $this->Path().'/'.$this->DefaultVideo() ) ) { return true; } + if ( !defined('ZM_SERVER_ID') ) { + return false; + } $Storage= $this->Storage(); $Server = $Storage->ServerId() ? $Storage->Server() : $this->Monitor()->Server(); if ( $Server->Id() != ZM_SERVER_ID ) { @@ -624,6 +627,9 @@ class Event { if ( file_exists($this->Path().'/'.$this->DefaultVideo()) ) { return filesize($this->Path().'/'.$this->DefaultVideo()); } + if ( !defined('ZM_SERVER_ID') ) { + return false; + } $Storage= $this->Storage(); $Server = $Storage->ServerId() ? $Storage->Server() : $this->Monitor()->Server(); if ( $Server->Id() != ZM_SERVER_ID ) { From 288f2f3e8f1f91bfaec70c6597d4d0c06d078fae Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 11 Jul 2019 17:56:22 -0400 Subject: [PATCH 276/360] Convert zm_dump_frame from a function to a define, this way we get line #'s from where we call zm_dump_frame instead of from the line in zm_ffmpeg where the function was. --- src/zm_ffmpeg.cpp | 19 ------------------- src/zm_ffmpeg.h | 31 ++++++++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 20 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 4ee6e6707..2ea1142bf 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -298,25 +298,6 @@ void zm_dump_video_frame(const AVFrame *frame, const char *text) { frame->pts ); } -void zm_dump_frame(const AVFrame *frame,const char *text) { - Debug(1, "%s: format %d %s sample_rate %" PRIu32 " nb_samples %d channels %d" - " duration %" PRId64 - " layout %d pts %" PRId64, - text, - frame->format, - av_get_sample_fmt_name((AVSampleFormat)frame->format), - frame->sample_rate, - frame->nb_samples, -#if LIBAVCODEC_VERSION_CHECK(56, 8, 0, 60, 100) - frame->channels, - frame->pkt_duration, -#else -0, 0, -#endif - frame->channel_layout, - frame->pts - ); -} #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) void zm_dump_codecpar ( const AVCodecParameters *par ) { diff --git a/src/zm_ffmpeg.h b/src/zm_ffmpeg.h index 18e018e26..7618a461b 100644 --- a/src/zm_ffmpeg.h +++ b/src/zm_ffmpeg.h @@ -299,7 +299,36 @@ void zm_dump_codec(const AVCodecContext *codec); #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) void zm_dump_codecpar(const AVCodecParameters *par); #endif -void zm_dump_frame(const AVFrame *frame, const char *text="Frame"); +#if LIBAVCODEC_VERSION_CHECK(56, 8, 0, 60, 100) +#define zm_dump_frame(frame, text) Debug(1, "%s: format %d %s sample_rate %" PRIu32 " nb_samples %d channels %d" \ + " duration %" PRId64 \ + " layout %d pts %" PRId64,\ + text, \ + frame->format, \ + av_get_sample_fmt_name((AVSampleFormat)frame->format), \ + frame->sample_rate, \ + frame->nb_samples, \ + frame->channels, \ + frame->pkt_duration, \ + frame->channel_layout, \ + frame->pts \ + ); +#else +#define zm_dump_frame(frame, text) Debug(1, "%s: format %d %s sample_rate %" PRIu32 " nb_samples %d channels %d" \ + " duration %" PRId64 \ + " layout %d pts %" PRId64, \ + text, \ + frame->format, \ + av_get_sample_fmt_name((AVSampleFormat)frame->format), \ + frame->sample_rate, \ + frame->nb_samples, \ + 0, 0, \ + frame->channel_layout, \ + frame->pts \ + ); + +#endif + void zm_dump_video_frame(const AVFrame *frame, const char *text="Frame"); #if LIBAVCODEC_VERSION_CHECK(56, 8, 0, 60, 100) From 13c91bdf606568ae4b3ad1887c528c19c00329a9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 11 Jul 2019 17:56:53 -0400 Subject: [PATCH 277/360] Add pts adjustment to the delayed flushed encoder packets --- src/zm_videostore.cpp | 74 +++++++++++++++++++++++++++++-------------- 1 file changed, 50 insertions(+), 24 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 5ffec165b..355578ffc 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -476,7 +476,51 @@ VideoStore::~VideoStore() { break; } #endif + + // Need to adjust pts and dts and duration + pkt.stream_index = audio_out_stream->index; + + pkt.duration = av_rescale_q( + pkt.duration, + audio_out_ctx->time_base, + audio_out_stream->time_base); + // Scale the PTS of the outgoing packet to be the correct time base + if ( pkt.pts != AV_NOPTS_VALUE ) { + pkt.pts = av_rescale_q( + pkt.pts, + audio_out_ctx->time_base, + audio_in_stream->time_base); + // audio_first_pts is in audio_in_stream time base + pkt.pts -= audio_first_pts; + pkt.pts = av_rescale_q( + pkt.pts, + audio_in_stream->time_base, + audio_out_stream->time_base); + + Debug(2, "audio pkt.pts = %" PRId64 " from first_pts(%" PRId64 ")", + pkt.pts, audio_first_pts); + } else { + Debug(2, "pkt.pts = undef"); + pkt.pts = AV_NOPTS_VALUE; + } + + if ( pkt.dts != AV_NOPTS_VALUE ) { + pkt.dts = av_rescale_q( + pkt.dts, + audio_out_ctx->time_base, + audio_in_stream->time_base); + pkt.dts -= audio_first_dts; + pkt.dts = av_rescale_q( + pkt.dts, + audio_in_ctx->time_base, + audio_out_stream->time_base); + Debug(2, "pkt.dts = %" PRId64 " - first_dts(%" PRId64 ")", + pkt.dts, audio_first_dts); + } else { + pkt.dts = AV_NOPTS_VALUE; + } + dumpPacket(audio_out_stream, &pkt, "writing flushed packet"); av_interleaved_write_frame(oc, &pkt); zm_av_packet_unref(&pkt); @@ -1196,28 +1240,9 @@ int VideoStore::resample_audio() { av_make_error_string(ret).c_str()); return 0; } - zm_dump_frame(out_frame, "Out frame after convert"); - -#if 0 - // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder - if ( out_frame->pts != AV_NOPTS_VALUE ) { - if ( !video_first_pts ) { - video_first_pts = out_frame->pts; - Debug(1, "No video_first_pts setting to %" PRId64, video_first_pts); - out_frame->pts = 0; - } else { - out_frame->pts = out_frame->pts - video_first_pts; - } - // - } else { - // sending AV_NOPTS_VALUE doesn't really work but we seem to get it in ffmpeg 2.8 - out_frame->pts = audio_next_pts; - } - audio_next_pts = out_frame->pts + out_frame->nb_samples; -#endif - - if ((ret = av_audio_fifo_realloc(fifo, av_audio_fifo_size(fifo) + out_frame->nb_samples)) < 0) { + ret = av_audio_fifo_realloc(fifo, av_audio_fifo_size(fifo) + out_frame->nb_samples); + if ( ret < 0 ) { Error("Could not reallocate FIFO"); return 0; } @@ -1232,7 +1257,7 @@ int VideoStore::resample_audio() { // Reset frame_size to output_frame_size int frame_size = audio_out_ctx->frame_size; - // AAC requires 1024 samples per encode. Our input tends to be 160, so need to buffer them. + // AAC requires 1024 samples per encode. Our input tends to be something else, so need to buffer them. if ( frame_size > av_audio_fifo_size(fifo) ) { return 0; } @@ -1245,10 +1270,11 @@ int VideoStore::resample_audio() { // resampling changes the duration because the timebase is 1/samples // I think we should be dealing in codec timebases not stream if ( in_frame->pts != AV_NOPTS_VALUE ) { + // pkt_duration is in avstream timebase units out_frame->pkt_duration = av_rescale_q( in_frame->pkt_duration, - audio_in_ctx->time_base, - audio_out_ctx->time_base); + audio_in_stream->time_base, + audio_out_stream->time_base); out_frame->pts = av_rescale_q( in_frame->pts, audio_in_ctx->time_base, From 05be9008c76553cee28be56927c5250ad8f0b87d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 11 Jul 2019 17:57:11 -0400 Subject: [PATCH 278/360] use FFMPEGInit to initialise ffmpeg instead of doing it ourselves --- src/zm_ffmpeg_input.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/zm_ffmpeg_input.cpp b/src/zm_ffmpeg_input.cpp index 5cca6b35b..03d89348d 100644 --- a/src/zm_ffmpeg_input.cpp +++ b/src/zm_ffmpeg_input.cpp @@ -7,8 +7,7 @@ FFmpeg_Input::FFmpeg_Input() { input_format_context = NULL; video_stream_id = -1; audio_stream_id = -1; - av_register_all(); - avcodec_register_all(); + FFMPEGInit(); streams = NULL; frame = NULL; } From 52e7cde66d3802fd46d5afc611768444ab44e913 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 11 Jul 2019 19:04:51 -0400 Subject: [PATCH 279/360] If Email has EIMOD, not only attach the image if it exists, but replace %EIMOD% with the link to it --- scripts/zmfilter.pl.in | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 6527742c8..b572d40fa 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -728,6 +728,7 @@ sub substituteTags { } if ( $text =~ s/%EIMOD%//g ) { + $text =~ s/%EIMOD%/$url?view=frame&mid=$Event->{MonitorId}&eid=$Event->{Id}&fid=objdetect/g; my $path = $Event->Path().'/objdetect.jpg'; if ( -e $path ) { push @$attachments_ref, { type=>'image/jpeg', path=>$path }; From 67168a23870ea1e9749640ec6b30f8fc6aea963e Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 12 Jul 2019 14:31:39 -0400 Subject: [PATCH 280/360] demote token log (#2663) --- src/zm_user.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 35f25f7c9..0c8142374 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -193,7 +193,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { } Debug (1,"Got stored expiry time of %u",stored_iat); - Info ("Authenticated user '%s' via token", username.c_str()); + Debug (1,"Authenticated user '%s' via token", username.c_str()); mysql_free_result(result); return user; From ef9fe2dbd62b68ec190e9882c11ec2a0e3b43214 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 17 Jul 2019 10:06:30 -0400 Subject: [PATCH 281/360] Free up hwFrame, preventing memleak --- src/zm_ffmpeg_camera.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index b96142aab..87b53c1d6 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -137,6 +137,7 @@ FfmpegCamera::FfmpegCamera( hwaccel = false; hwFrame = NULL; + hw_device_ctx = NULL; mFormatContext = NULL; mVideoStreamId = -1; @@ -648,6 +649,10 @@ int FfmpegCamera::Close() { av_frame_free(&mRawFrame); mRawFrame = NULL; } + if ( hwFrame ) { + av_frame_free(&hwFrame); + hwFrame = NULL; + } #if HAVE_LIBSWSCALE if ( mConvertContext ) { @@ -675,6 +680,12 @@ int FfmpegCamera::Close() { #endif mAudioCodecContext = NULL; // Freed by av_close_input_file } +#if 0 + if ( hw_device_ctx ) { + hwdevice_ctx_free + } +#endif + if ( mFormatContext ) { #if !LIBAVFORMAT_VERSION_CHECK(53, 17, 0, 25, 0) From 75af3972239f746ffca58ea185e47e341e68083f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 17 Jul 2019 20:33:23 -0400 Subject: [PATCH 282/360] hwFrame isn't defined unless we have HWCONTEXT_H --- src/zm_ffmpeg_camera.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 87b53c1d6..d5a02ddb7 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -649,10 +649,12 @@ int FfmpegCamera::Close() { av_frame_free(&mRawFrame); mRawFrame = NULL; } +#if HAVE_LIBAVUTIL_HWCONTEXT_H if ( hwFrame ) { av_frame_free(&hwFrame); hwFrame = NULL; } +#endif #if HAVE_LIBSWSCALE if ( mConvertContext ) { From 2b7610a5acf1588c54affbda7bf8364b3dbf45d5 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 17 Jul 2019 20:37:27 -0400 Subject: [PATCH 283/360] fixed ffmpeg log association to zm log levels (#2664) --- src/zm_ffmpeg.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 2ea1142bf..1df9b7718 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -73,14 +73,14 @@ static bool bInit = false; void FFMPEGInit() { if ( !bInit ) { - if ( logDebugging() ) + if ( logDebugging() && config.log_ffmpeg ) { av_log_set_level( AV_LOG_DEBUG ); - else + av_log_set_callback(log_libav_callback); + Info("Enabling ffmpeg logs, as LOG_DEBUG+LOG_FFMPEG are enabled in options"); + } else { + Info("Not enabling ffmpeg logs, as LOG_FFMPEG and/or LOG_DEBUG is disabled in options, or this monitor not part of your debug targets"); av_log_set_level( AV_LOG_QUIET ); - if ( config.log_ffmpeg ) - av_log_set_callback(log_libav_callback); - else - Info("Not enabling ffmpeg logs, as LOG_FFMPEG is disabled in options"); + } #if LIBAVFORMAT_VERSION_CHECK(58, 9, 0, 64, 0) #else av_register_all(); From a9d01ba3d2035fd2032fcc2311025c19f3a90685 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 17 Jul 2019 20:38:58 -0400 Subject: [PATCH 284/360] Alarm api (#2665) * fixed alarm api to use tokens if present * clearer debug logs for tokens * space --- src/zm_user.cpp | 5 +++-- web/api/app/Controller/MonitorsController.php | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 0c8142374..b873b8547 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -157,6 +157,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { std::pair ans = verifyToken(jwt_token_str, key); std::string username = ans.first; unsigned int iat = ans.second; + Debug (1,"retrieved user '%s' from token", username.c_str()); if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; @@ -178,7 +179,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if ( n_users != 1 ) { mysql_free_result(result); - Error("Unable to authenticate user %s", username.c_str()); + Error("Unable to authenticate user '%s'", username.c_str()); return NULL; } @@ -188,7 +189,7 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (stored_iat > iat ) { // admin revoked tokens mysql_free_result(result); - Error("Token was revoked for %s", username.c_str()); + Error("Token was revoked for '%s'", username.c_str()); return NULL; } diff --git a/web/api/app/Controller/MonitorsController.php b/web/api/app/Controller/MonitorsController.php index f83aecf97..0686232df 100644 --- a/web/api/app/Controller/MonitorsController.php +++ b/web/api/app/Controller/MonitorsController.php @@ -254,6 +254,7 @@ class MonitorsController extends AppController { throw new BadRequestException(__('Invalid command')); } $zm_path_bin = Configure::read('ZM_PATH_BIN'); + $mToken = $this->request->query('token') ? $this->request->query('token') : null; switch ($cmd) { case 'on': @@ -281,8 +282,12 @@ class MonitorsController extends AppController { $zmAuthRelay = $config['Config']['Value']; $auth = ''; + if ( $zmOptAuth ) { - if ( $zmAuthRelay == 'hashed' ) { + if ($mToken) { + $auth = ' -T '.$mToken; + } + elseif ( $zmAuthRelay == 'hashed' ) { $options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_SECRET')); $config = $this->Config->find('first', $options); $zmAuthHashSecret = $config['Config']['Value']; From 542d88b6a4abf4955e2540615d07a97adb2198d6 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 17 Jul 2019 21:10:24 -0400 Subject: [PATCH 285/360] fix compile without HWCONTEXT --- src/zm_ffmpeg_camera.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index d5a02ddb7..f0f6a3b1d 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -136,8 +136,6 @@ FfmpegCamera::FfmpegCamera( } hwaccel = false; - hwFrame = NULL; - hw_device_ctx = NULL; mFormatContext = NULL; mVideoStreamId = -1; @@ -155,6 +153,8 @@ FfmpegCamera::FfmpegCamera( packetqueue = NULL; error_count = 0; #if HAVE_LIBAVUTIL_HWCONTEXT_H + hwFrame = NULL; + hw_device_ctx = NULL; hw_pix_fmt = AV_PIX_FMT_NONE; #endif From f3166663a5eb0a224e46f7a638c295f8f591da53 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 19 Jul 2019 12:51:31 -0400 Subject: [PATCH 286/360] unref hw_device_ctx on Close. I think this should release all the other hwaccel related stuff --- src/zm_ffmpeg_camera.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index f0f6a3b1d..8c61dfcff 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -682,13 +682,13 @@ int FfmpegCamera::Close() { #endif mAudioCodecContext = NULL; // Freed by av_close_input_file } -#if 0 + +#if HAVE_LIBAVUTIL_HWCONTEXT_H if ( hw_device_ctx ) { - hwdevice_ctx_free + av_buffer_unref(&hw_device_ctx); } #endif - if ( mFormatContext ) { #if !LIBAVFORMAT_VERSION_CHECK(53, 17, 0, 25, 0) av_close_input_file(mFormatContext); From 9a31f8792cdf546e588f8af9ef6f809699dd4066 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 19 Jul 2019 13:55:35 -0400 Subject: [PATCH 287/360] return proper error codes when failed auth or fail permissions --- src/zms.cpp | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/zms.cpp b/src/zms.cpp index 5e6e4c2d6..c78dba1d2 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -43,9 +43,8 @@ bool ValidateAccess( User *user, int mon_id ) { allowed = false; } if ( !allowed ) { - Error( "Error, insufficient privileges for requested action user %d %s for monitor %d", - user->Id(), user->getUsername(), mon_id ); - exit( -1 ); + Error("Error, insufficient privileges for requested action user %d %s for monitor %d", + user->Id(), user->getUsername(), mon_id); } return allowed; } @@ -164,8 +163,7 @@ int main( int argc, const char *argv[] ) { strncpy( auth, value, sizeof(auth)-1 ); } else if ( !strcmp( name, "token" ) ) { jwt_token_str = value; - Debug(1,"ZMS: JWT token found: %s", jwt_token_str.c_str()); - + Debug(1, "ZMS: JWT token found: %s", jwt_token_str.c_str()); } else if ( !strcmp( name, "user" ) ) { username = UriDecode( value ); } else if ( !strcmp( name, "pass" ) ) { @@ -184,17 +182,15 @@ int main( int argc, const char *argv[] ) { } else { snprintf(log_id_string, sizeof(log_id_string), "zms_e%" PRIu64, event_id); } - logInit( log_id_string ); + logInit(log_id_string); if ( config.opt_use_auth ) { User *user = 0; - if (jwt_token_str != "") { + if ( jwt_token_str != "" ) { //user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); user = zmLoadTokenUser(jwt_token_str, false); - - } - else if ( strcmp(config.auth_relay, "none") == 0 ) { + } else if ( strcmp(config.auth_relay, "none") == 0 ) { if ( checkUser(username.c_str()) ) { user = zmLoadUser(username.c_str()); } else { @@ -216,21 +212,27 @@ int main( int argc, const char *argv[] ) { } } if ( !user ) { + fprintf(stdout, "HTTP/1.0 401 Unauthorized\r\n"); Error("Unable to authenticate user"); logTerm(); zmDbClose(); return -1; } - ValidateAccess(user, monitor_id); + if ( !ValidateAccess(user, monitor_id) ) { + fprintf(stdout, "HTTP/1.0 403 Forbidden\r\n"); + logTerm(); + zmDbClose(); + return -1; + } } // end if config.opt_use_auth hwcaps_detect(); zmSetDefaultTermHandler(); zmSetDefaultDieHandler(); - setbuf( stdout, 0 ); + setbuf(stdout, 0); if ( nph ) { - fprintf( stdout, "HTTP/1.0 200 OK\r\n" ); + fprintf(stdout, "HTTP/1.0 200 OK\r\n"); } fprintf( stdout, "Server: ZoneMinder Video Server/%s\r\n", ZM_VERSION ); From 1e0c39c632e390c2d49ea965dc7f41176f0c27f0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 19 Jul 2019 16:28:18 -0400 Subject: [PATCH 288/360] mostly spacing cleanups. Don't bother setting pkt_duration on resampled frame --- src/zm_videostore.cpp | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 355578ffc..563c06be8 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -308,7 +308,6 @@ VideoStore::VideoStore( #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) audio_out_stream = avformat_new_stream(oc, NULL); - audio_out_stream->time_base = audio_in_stream->time_base; audio_out_ctx = avcodec_alloc_context3(audio_out_codec); if ( !audio_out_ctx ) { Error("could not allocate codec ctx for AAC"); @@ -1061,8 +1060,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { dumpPacket(audio_in_stream, ipkt, "input packet"); if ( audio_out_codec ) { - Debug(2, "Have output codec"); if ( ( ret = zm_receive_frame(audio_in_ctx, in_frame, *ipkt) ) < 0 ) { + Debug(3, "Not ready to receive frame"); return 0; } @@ -1100,10 +1099,11 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } dumpPacket(audio_out_stream, &opkt, "raw opkt"); - opkt.duration = av_rescale_q( - opkt.duration, - audio_out_ctx->time_base, - audio_out_stream->time_base); + + opkt.duration = av_rescale_q( + opkt.duration, + audio_out_ctx->time_base, + audio_out_stream->time_base); // Scale the PTS of the outgoing packet to be the correct time base if ( ipkt->pts != AV_NOPTS_VALUE ) { if ( !audio_first_pts ) { @@ -1116,8 +1116,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { audio_out_ctx->time_base, audio_out_stream->time_base); opkt.pts -= audio_first_pts; - Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", - opkt.pts, ipkt->pts, audio_first_pts); + Debug(2, "audio opkt.pts = %" PRId64 " from first_pts %" PRId64, + opkt.pts, audio_first_pts); } } else { Debug(2, "opkt.pts = undef"); @@ -1134,8 +1134,8 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { audio_out_ctx->time_base, audio_out_stream->time_base); opkt.dts -= audio_first_dts; - Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", - opkt.dts, ipkt->dts, audio_first_dts); + Debug(2, "opkt.dts = %" PRId64 " from first_dts %" PRId64, + opkt.dts, audio_first_dts); } audio_last_dts = opkt.dts; } else { @@ -1270,17 +1270,12 @@ int VideoStore::resample_audio() { // resampling changes the duration because the timebase is 1/samples // I think we should be dealing in codec timebases not stream if ( in_frame->pts != AV_NOPTS_VALUE ) { - // pkt_duration is in avstream timebase units - out_frame->pkt_duration = av_rescale_q( - in_frame->pkt_duration, - audio_in_stream->time_base, - audio_out_stream->time_base); out_frame->pts = av_rescale_q( in_frame->pts, audio_in_ctx->time_base, audio_out_ctx->time_base); - zm_dump_frame(out_frame, "Out frame after timestamp conversion"); } + zm_dump_frame(out_frame, "Out frame after timestamp conversion"); #else #if defined(HAVE_LIBAVRESAMPLE) ret = avresample_convert(resample_ctx, NULL, 0, 0, in_frame->data, From fe71a9abaa97af6d005a9d492b2b2b1c023fd970 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 19 Jul 2019 16:32:40 -0400 Subject: [PATCH 289/360] php_errormsg is deprecated --- web/includes/functions.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index e1016bb82..867861ffe 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -2459,11 +2459,13 @@ function do_post_request($url, $data, $optional_headers = null) { $ctx = stream_context_create($params); $fp = @fopen($url, 'rb', false, $ctx); if ( !$fp ) { - throw new Exception("Problem with $url, $php_errormsg"); + throw new Exception("Problem with $url, " + .print_r(error_get_last(),true)); } $response = @stream_get_contents($fp); if ( $response === false ) { - throw new Exception("Problem reading data from $url, $php_errormsg"); + throw new Exception("Problem reading data from $url, data: ".print_r($params,true) + .print_r(error_get_last(),true)); } return $response; } From e821553265ed10a73b4f6d20d3162c2a83b07bed Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:54:39 -0400 Subject: [PATCH 290/360] Split MoveTo into CopyTo and MoveTo. --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 126 +++++++++++---------- 1 file changed, 69 insertions(+), 57 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index 9c6fe3cd5..e1516f1f5 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -393,61 +393,66 @@ sub delete { sub delete_files { my $event = shift; - my $Storage = @_ ? $_[0] : new ZoneMinder::Storage($$event{StorageId}); - my $storage_path = $Storage->Path(); + foreach my $Storage ( + @_ ? ($_[0]) : ( + new ZoneMinder::Storage($$event{StorageId}), + ( $$event{SecondaryStorageId} ? new ZoneMinder::Storage($$event{SecondaryStorageId}) : () ), + ) ) { + my $storage_path = $Storage->Path(); - if ( ! $storage_path ) { - Error("Empty storage path when deleting files for event $$event{Id} with storage id $$event{StorageId}"); - return; - } - - if ( ! $$event{MonitorId} ) { - Error("No monitor id assigned to event $$event{Id}"); - return; - } - my $event_path = $event->RelativePath(); - Debug("Deleting files for Event $$event{Id} from $storage_path/$event_path, scheme is $$event{Scheme}."); - if ( $event_path ) { - ( $storage_path ) = ( $storage_path =~ /^(.*)$/ ); # De-taint - ( $event_path ) = ( $event_path =~ /^(.*)$/ ); # De-taint - - my $deleted = 0; - if ( $$Storage{Type} and ( $$Storage{Type} eq 's3fs' ) ) { - my ( $aws_id, $aws_secret, $aws_host, $aws_bucket ) = ( $$Storage{Url} =~ /^\s*([^:]+):([^@]+)@([^\/]*)\/(.+)\s*$/ ); - eval { - require Net::Amazon::S3; - my $s3 = Net::Amazon::S3->new( { - aws_access_key_id => $aws_id, - aws_secret_access_key => $aws_secret, - ( $aws_host ? ( host => $aws_host ) : () ), - }); - my $bucket = $s3->bucket($aws_bucket); - if ( ! $bucket ) { - Error("S3 bucket $bucket not found."); - die; - } - if ( $bucket->delete_key($event_path) ) { - $deleted = 1; - } else { - Error('Failed to delete from S3:'.$s3->err . ': ' . $s3->errstr); - } - }; - Error($@) if $@; + if ( ! $storage_path ) { + Error("Empty storage path when deleting files for event $$event{Id} with storage id $$event{StorageId}"); + return; } - if ( !$deleted ) { - my $command = "/bin/rm -rf $storage_path/$event_path"; - ZoneMinder::General::executeShellCommand($command); - } - } - if ( $event->Scheme() eq 'Deep' ) { - my $link_path = $event->LinkPath(); - Debug("Deleting link for Event $$event{Id} from $storage_path/$link_path."); - if ( $link_path ) { - ( $link_path ) = ( $link_path =~ /^(.*)$/ ); # De-taint + if ( ! $$event{MonitorId} ) { + Error("No monitor id assigned to event $$event{Id}"); + return; + } + my $event_path = $event->RelativePath(); + Debug("Deleting files for Event $$event{Id} from $storage_path/$event_path, scheme is $$event{Scheme}."); + if ( $event_path ) { + ( $storage_path ) = ( $storage_path =~ /^(.*)$/ ); # De-taint + ( $event_path ) = ( $event_path =~ /^(.*)$/ ); # De-taint + + my $deleted = 0; + if ( $$Storage{Type} and ( $$Storage{Type} eq 's3fs' ) ) { + my ( $aws_id, $aws_secret, $aws_host, $aws_bucket ) = ( $$Storage{Url} =~ /^\s*([^:]+):([^@]+)@([^\/]*)\/(.+)\s*$/ ); + eval { + require Net::Amazon::S3; + my $s3 = Net::Amazon::S3->new( { + aws_access_key_id => $aws_id, + aws_secret_access_key => $aws_secret, + ( $aws_host ? ( host => $aws_host ) : () ), + }); + my $bucket = $s3->bucket($aws_bucket); + if ( ! $bucket ) { + Error("S3 bucket $bucket not found."); + die; + } + if ( $bucket->delete_key($event_path) ) { + $deleted = 1; + } else { + Error('Failed to delete from S3:'.$s3->err . ': ' . $s3->errstr); + } + }; + Error($@) if $@; + } + if ( !$deleted ) { + my $command = "/bin/rm -rf $storage_path/$event_path"; + ZoneMinder::General::executeShellCommand($command); + } + } # end if event_path + + if ( $event->Scheme() eq 'Deep' ) { + my $link_path = $event->LinkPath(); + Debug("Deleting link for Event $$event{Id} from $storage_path/$link_path."); + if ( $link_path ) { + ( $link_path ) = ( $link_path =~ /^(.*)$/ ); # De-taint unlink($storage_path.'/'.$link_path) or Error("Unable to unlink '$storage_path/$link_path': $!"); - } - } + } + } # end if Scheme eq Deep + } # end foreach Storage } # end sub delete_files sub StorageId { @@ -519,7 +524,7 @@ sub DiskSpace { return $_[0]{DiskSpace}; } -sub MoveTo { +sub CopyTo { my ( $self, $NewStorage ) = @_; my $OldStorage = $self->Storage(undef); @@ -559,7 +564,7 @@ sub MoveTo { $ZoneMinder::Database::dbh->commit(); return "New path and old path are the same! $NewPath"; } - Debug("Moving event $$self{Id} from $OldPath to $NewPath"); + Debug("Copying event $$self{Id} from $OldPath to $NewPath"); my $moved = 0; @@ -650,7 +655,7 @@ Debug("Files to move @files"); last; } my $duration = time - $starttime; - Debug("Copied " . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . ($duration?Number::Bytes::Human::format_bytes($size/$duration):'inf') . "/sec"); + Debug('Copied ' . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . ($duration?Number::Bytes::Human::format_bytes($size/$duration):'inf') . '/sec'); } # end foreach file. } # end if ! moved @@ -658,6 +663,15 @@ Debug("Files to move @files"); $ZoneMinder::Database::dbh->commit(); return $error; } +} # end sub CopyTo + +sub MoveTo { + + my ( $self, $NewStorage ) = @_; + my $OldStorage = $self->Storage(undef); + + my $error = $self->CopyTo($NewStorage); + return $error if $error; # Succeeded in copying all files, so we may now update the Event. $$self{StorageId} = $$NewStorage{Id}; @@ -667,10 +681,8 @@ Debug("Files to move @files"); $ZoneMinder::Database::dbh->commit(); return $error; } -Debug("Committing"); $ZoneMinder::Database::dbh->commit(); - $self->delete_files( $OldStorage ); -Debug("Done deleting files, returning"); + $self->delete_files($OldStorage); return $error; } # end sub MoveTo From f9b5c8a1f4dcfeb2af820309113d45095db23eea Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:55:14 -0400 Subject: [PATCH 291/360] If query is empty don't bother parsing it --- scripts/ZoneMinder/lib/ZoneMinder/Filter.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm index 8383e43b7..1c0dd151b 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm @@ -132,6 +132,12 @@ sub Sql { my $self = shift; $$self{Sql} = shift if @_; if ( ! $$self{Sql} ) { + $self->{Sql} = ''; + if ( ! $self->{Query} ) { + Warning("No query in Filter!"); + return; + } + my $filter_expr = ZoneMinder::General::jsonDecode($self->{Query}); my $sql = 'SELECT E.*, unix_timestamp(E.StartTime) as Time, @@ -142,7 +148,6 @@ sub Sql { INNER JOIN Monitors as M on M.Id = E.MonitorId LEFT JOIN Storage as S on S.Id = E.StorageId '; - $self->{Sql} = ''; if ( $filter_expr->{terms} ) { foreach my $term ( @{$filter_expr->{terms}} ) { From fd95ab23e9a78b116b621bd4498a5701dc2b83fd Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:55:27 -0400 Subject: [PATCH 292/360] Add AutoCopy support --- scripts/zmfilter.pl.in | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index b572d40fa..0b8812c87 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -240,6 +240,7 @@ sub getFilters { or AutoDelete = 1 or UpdateDiskSpace = 1 or AutoMove = 1 + or AutoCopy = 1 ) ORDER BY Name'; my $sth = $dbh->prepare_cached($sql) or Fatal("Unable to prepare '$sql': ".$dbh->errstr()); @@ -283,6 +284,7 @@ sub checkFilter { ($filter->{AutoMessage}?'message':()), ($filter->{AutoExecute}?'execute':()), ($filter->{AutoMove}?'move':()), + ($filter->{AutoCopy}?'copy':()), ($filter->{UpdateDiskSpace}?'update disk space':()), ), 'returned' , scalar @Events , 'events', @@ -300,9 +302,9 @@ sub checkFilter { Info("Archiving event $Event->{Id}"); # Do it individually to avoid locking up the table for new events my $sql = 'UPDATE Events SET Archived = 1 WHERE Id = ?'; - my $sth = $dbh->prepare_cached( $sql ) + my $sth = $dbh->prepare_cached($sql) or Fatal("Unable to prepare '$sql': ".$dbh->errstr()); - my $res = $sth->execute( $Event->{Id} ) + my $res = $sth->execute($Event->{Id}) or Error("Unable to execute '$sql': ".$dbh->errstr()); } if ( $Config{ZM_OPT_FFMPEG} && $filter->{AutoVideo} ) { @@ -343,6 +345,11 @@ sub checkFilter { $_ = $Event->MoveTo($NewStorage); Error($_) if $_; } + if ( $filter->{AutoCopy} ) { + my $NewStorage = new ZoneMinder::Storage($filter->{AutoCopyTo}); + $_ = $Event->CopyTo($NewStorage); + Error($_) if $_; + } if ( $filter->{UpdateDiskSpace} ) { $ZoneMinder::Database::dbh->begin_work(); From b05aff1d5d5e4a339d5f6731dcffe2dfde679ce9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:57:16 -0400 Subject: [PATCH 293/360] Update Filter Object to extend ZM_Object. Rename Query to Query_json and implement a Query function to parse Query_json --- web/includes/Filter.php | 169 ++++++++++------------------------------ 1 file changed, 41 insertions(+), 128 deletions(-) diff --git a/web/includes/Filter.php b/web/includes/Filter.php index 8da602539..f8b06d4e5 100644 --- a/web/includes/Filter.php +++ b/web/includes/Filter.php @@ -1,9 +1,11 @@ null, 'Name' => '', 'AutoExecute' => 0, @@ -16,63 +18,44 @@ public $defaults = array( 'AutoMessage' => 0, 'AutoMove' => 0, 'AutoMoveTo' => 0, + 'AutoCopy' => 0, + 'AutoCopyTo' => 0, 'UpdateDiskSpace' => 0, 'Background' => 0, 'Concurrent' => 0, - 'limit' => 100, - 'Query' => array(), - 'sort_field' => ZM_WEB_EVENT_SORT_FIELD, - 'sort_asc' => ZM_WEB_EVENT_SORT_ORDER, -); + #'limit' => 100, + 'Query_json' => '', + #'sort_field' => ZM_WEB_EVENT_SORT_FIELD, + #'sort_asc' => ZM_WEB_EVENT_SORT_ORDER, + ); - public function __construct( $IdOrRow=NULL ) { - $row = NULL; - if ( $IdOrRow ) { - if ( is_integer($IdOrRow) or is_numeric($IdOrRow) ) { - $row = dbFetchOne('SELECT * FROM Filters WHERE Id=?', NULL, array($IdOrRow)); - if ( ! $row ) { - Error('Unable to load Filter record for Id=' . $IdOrRow); - } - } elseif ( is_array($IdOrRow) ) { - $row = $IdOrRow; - } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Error("Unknown argument passed to Filter Constructor from $file:$line)"); - Error("Unknown argument passed to Filter Constructor ($IdOrRow)"); - return; - } - } # end if isset($IdOrRow) + public function Query($new = -1) { + if ( $new and ( $new != -1 ) ) { + $this->{'Query'} = $new; + $this->{'Query_json'} = jsonEncode($new); + Logger::Debug("Setting Query to " . $this->{'Query_json'}); + } + if ( !array_key_exists('Query', $this) ) { + if ( array_key_exists('Query_json', $this) and $this->{'Query_json'} ) { + $this->{'Query'} = jsonDecode($this->{'Query_json'}); + Logger::Debug("Decoded Query already" . print_r($this->{'Query'}, true )); - if ( $row ) { - foreach ($row as $k => $v) { - $this->{$k} = $v; - } - if ( array_key_exists('Query', $this) and $this->{'Query'} ) { - $this->{'Query'} = jsonDecode($this->{'Query'}); } else { + Logger::Debug("No Have Query_json already"); $this->{'Query'} = array(); } - } - } // end function __construct - - public function __call( $fn, array $args ) { - if ( count( $args ) ) { - $this->{$fn} = $args[0]; - } - if ( array_key_exists( $fn, $this ) ) { - return $this->{$fn}; - } else if ( array_key_exists( $fn, $this->defaults ) ) { - $this->{$fn} = $this->defaults{$fn}; - return $this->{$fn}; } else { - - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Warning( "Unknown function call Filter->$fn from $file:$line" ); + Logger::Debug("Have Query already" . print_r($this->{'Query'}, true )); } + return $this->{'Query'}; + } + + public static function find( $parameters = array(), $options = array() ) { + return ZM_Object::_find(get_class(), $parameters, $options); + } + + public static function find_one( $parameters = array(), $options = array() ) { + return ZM_Object::_find_one(get_class(), $parameters, $options); } public function terms( ) { @@ -93,101 +76,31 @@ public $defaults = array( if ( isset( $this->Query()['sort_field'] ) ) { return $this->{'Query'}['sort_field']; } - return $this->defaults{'sort_field'}; + return ZM_WEB_EVENT_SORT_FIELD; + #return $this->defaults{'sort_field'}; } + public function sort_asc( ) { if ( func_num_args( ) ) { - $this->{'Query'}['sort_asc'] = func_get_arg(0); + $this->Query()['sort_asc'] = func_get_arg(0); } if ( isset( $this->Query()['sort_asc'] ) ) { return $this->{'Query'}['sort_asc']; } - return $this->defaults{'sort_asc'}; + return ZM_WEB_EVENT_SORT_ORDER; + #return $this->defaults{'sort_asc'}; } + public function limit( ) { if ( func_num_args( ) ) { $this->{'Query'}['limit'] = func_get_arg(0); } if ( isset( $this->Query()['limit'] ) ) return $this->{'Query'}['limit']; - return $this->defaults{'limit'}; + return 100; + #return $this->defaults{'limit'}; } - public static function find( $parameters = null, $options = null ) { - $filters = array(); - $sql = 'SELECT * FROM Filters '; - $values = array(); - - if ( $parameters ) { - $fields = array(); - $sql .= 'WHERE '; - foreach ( $parameters as $field => $value ) { - if ( $value == null ) { - $fields[] = $field.' IS NULL'; - } else if ( is_array( $value ) ) { - $func = function(){return '?';}; - $fields[] = $field.' IN ('.implode(',', array_map($func, $value)). ')'; - $values += $value; - } else { - $fields[] = $field.'=?'; - $values[] = $value; - } - } - $sql .= implode(' AND ', $fields); - } - if ( $options ) { - if ( isset($options['order']) ) { - $sql .= ' ORDER BY ' . $options['order']; - } - if ( isset($options['limit']) ) { - if ( is_integer($options['limit']) or ctype_digit($options['limit']) ) { - $sql .= ' LIMIT ' . $options['limit']; - } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Error("Invalid value for limit(".$options['limit'].") passed to Filter::find from $file:$line"); - return array(); - } - } - } - $result = dbQuery($sql, $values); - $results = $result->fetchALL(PDO::FETCH_CLASS | PDO::FETCH_PROPS_LATE, 'Filter'); - foreach ( $results as $row => $obj ) { - $filters[] = $obj; - } - return $filters; - } # end find() - - public static function find_one( $parameters = array() ) { - $results = Filter::find($parameters, array('limit'=>1)); - if ( ! sizeof($results) ) { - return; - } - return $results[0]; - } # end find_one() - - public function delete() { - dbQuery('DELETE FROM Filters WHERE Id=?', array($this->{'Id'})); - } # end function delete() - - public function set( $data ) { - foreach ($data as $k => $v) { - if ( is_array( $v ) ) { - $this->{$k} = $v; - } else if ( is_string( $v ) ) { - $this->{$k} = trim( $v ); - } else if ( is_integer( $v ) ) { - $this->{$k} = $v; - } else if ( is_bool( $v ) ) { - $this->{$k} = $v; - } else { - Error( "Unknown type $k => $v of var " . gettype( $v ) ); - $this->{$k} = $v; - } - } - } # end function set - public function control($command, $server_id=null) { $Servers = $server_id ? Server::find(array('Id'=>$server_id)) : Server::find(); if ( !count($Servers) and !$server_id ) { From 7c52f8a4aea74f9541830a9402c7a702d901405a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:57:44 -0400 Subject: [PATCH 294/360] Fixes and add Objects_Indexed_By_Id --- web/includes/Object.php | 230 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100644 web/includes/Object.php diff --git a/web/includes/Object.php b/web/includes/Object.php new file mode 100644 index 000000000..041b45bed --- /dev/null +++ b/web/includes/Object.php @@ -0,0 +1,230 @@ + $v) { + $this->{$k} = $v; + } + $cache[$row['Id']] = $this; + } else { + # Set defaults + foreach ( $this->defaults as $k => $v ) $this->{$k} = $v; + } + } + + public function __call($fn, array $args){ + if ( count($args) ) { + $this->{$fn} = $args[0]; + } + if ( array_key_exists($fn, $this) ) { + return $this->{$fn}; + } else { + if ( array_key_exists($fn, $this->defaults) ) { + return $this->defaults{$fn}; + } else { + $backTrace = debug_backtrace(); + Warning("Unknown function call Sensor->$fn from ".print_r($backTrace,true)); + } + } + } + + public static function _find($class, $parameters = null, $options = null ) { + $table = $class::$table; + $filters = array(); + $sql = "SELECT * FROM `$table` "; + $values = array(); + + if ( $parameters ) { + $fields = array(); + $sql .= 'WHERE '; + foreach ( $parameters as $field => $value ) { + if ( $value == null ) { + $fields[] = '`'.$field.'` IS NULL'; + } else if ( is_array($value) ) { + $func = function(){return '?';}; + $fields[] = '`'.$field.'` IN ('.implode(',', array_map($func, $value)). ')'; + $values += $value; + + } else { + $fields[] = '`'.$field.'`=?'; + $values[] = $value; + } + } + $sql .= implode(' AND ', $fields ); + } + if ( $options ) { + if ( isset($options['order']) ) { + $sql .= ' ORDER BY ' . $options['order']; + } + if ( isset($options['limit']) ) { + if ( is_integer($options['limit']) or ctype_digit($options['limit']) ) { + $sql .= ' LIMIT ' . $options['limit']; + } else { + Error('Invalid value for limit('.$options['limit'].') passed to '.get_class()."::find from ".print_r($backTrace,true)); + return array(); + } + } + } + $rows = dbFetchAll($sql, NULL, $values); + $results = array(); + if ( $rows ) { + foreach ( $rows as $row ) { + array_push($results , new $class($row)); + } + } + return $results; + } # end public function find() + + public static function _find_one($class, $parameters = array(), $options = array() ) { + global $object_cache; + if ( ! isset($object_cache[$class]) ) + $object_cache[$class] = array(); + $cache = $object_cache[$class]; + if ( + ( count($parameters) == 1 ) and + isset($parameters['Id']) and + isset($cache[$parameters['Id']]) ) { + return $cache[$parameters['Id']]; + } + $options['limit'] = 1; + $results = ZM_Object::_find($class, $parameters, $options); + if ( ! sizeof($results) ) { + return; + } + return $results[0]; + } + + public static function Objects_Indexed_By_Id($class) { + $results = array(); + foreach ( ZM_Object::_find($class, null, array('order'=>'lower(Name)')) as $Object ) { + $results[$Object->Id()] = $Object; + } + return $results; + } + + public function to_json() { + $json = array(); + foreach ($this->defaults as $key => $value) { + if ( is_callable(array($this, $key)) ) { + $json[$key] = $this->$key(); + } else if ( array_key_exists($key, $this) ) { + $json[$key] = $this->{$key}; + } else { + $json[$key] = $this->defaults{$key}; + } + } + return json_encode($json); + } + + public function set($data) { + foreach ( $data as $k => $v ) { + if ( method_exists($this, $k) ) { + $this->{$k}($v); + } else { + if ( is_array($v) ) { +# perhaps should turn into a comma-separated string + $this->{$k} = implode(',', $v); + } else if ( is_string($v) ) { + if ( $v == '' and array_key_exists($k, $this->defaults) ) { + $this->{$k} = $this->defaults[$k]; + } else { + $this->{$k} = trim($v); + } + } else if ( is_integer($v) ) { + $this->{$k} = $v; + } else if ( is_bool($v) ) { + $this->{$k} = $v; + } else if ( is_null($v) ) { + $this->{$k} = $v; + } else { + Error( "Unknown type $k => $v of var " . gettype( $v ) ); + $this->{$k} = $v; + } + } # end if method_exists + } # end foreach $data as $k=>$v + } + + public function changes( $new_values ) { + $changes = array(); + foreach ( $this->defaults as $field=>$default_value ) { + if ( array_key_exists($field, $new_values) ) { + Logger::Debug("Checking default $field => $default_value exists in new values :".$this->{$field} . " " .$new_values[$field]); + if ( (!array_key_exists($field, $this)) or ( $this->{$field} != $new_values[$field] ) ) { + Logger::Debug("Checking default $field => $default_value changes becaause" . $new_values[$field].' != '.$new_values[$field]); + $changes[$field] = $new_values[$field]; + #} else if { + Logger::Debug("Checking default $field => $default_value changes becaause " . $new_values[$field].' != '.$new_values[$field]); + #array_push( $changes, [$field=>$defaults[$field]] ); + } + } else { + Logger::Debug("Checking default $field => $default_value not in new_values"); + } + } # end foreach default + return $changes; + } # end public function changes + + public function save($new_values = null) { + $class = get_class($this); + $table = $class::$table; + + if ( $new_values ) { + Logger::Debug("New values" . print_r($new_values,true)); + $this->set($new_values); + } + + if ( $this->Id() ) { + $fields = array_keys($this->defaults); + $sql = 'UPDATE '.$table.' SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields )) . ' WHERE Id=?'; + $values = array_map(function($field){return $this->{$field};}, $fields); + $values[] = $this->{'Id'}; + if ( dbQuery($sql, $values) ) + return true; + } else { + $fields = $this->defaults; + unset($fields['Id']); + + $sql = 'INSERT INTO '.$table.' ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, array_keys($fields))).') VALUES ('.implode(', ', array_map(function($field){return '?';}, array_values($fields))).')'; + $values = array_map(function($field){return $this->{$field};}, array_keys($fields)); + if ( dbQuery($sql, $values) ) { + $this->{'Id'} = dbInsertId(); + return true; + } + } + return false; + } // end function save + + public function delete() { + $class = get_class($this); + $table = $class::$table; + dbQuery("DELETE FROM $table WHERE Id=?", array($this->{'Id'})); + if ( isset($object_cache[$class]) and isset($object_cache[$class][$this->{'Id'}]) ) + unset($object_cache[$class][$this->{'Id'}]); + } + +} # end class Sensor Action +?> From 35ec60ca031f5ee6e3a72d9d53ae2cfe2221b1a4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:58:05 -0400 Subject: [PATCH 295/360] Change Storage object to extend ZM_Object --- web/includes/Storage.php | 136 +++------------------------------------ 1 file changed, 9 insertions(+), 127 deletions(-) diff --git a/web/includes/Storage.php b/web/includes/Storage.php index b3caa3ffa..8607b52fe 100644 --- a/web/includes/Storage.php +++ b/web/includes/Storage.php @@ -2,10 +2,11 @@ namespace ZM; require_once('database.php'); require_once('Event.php'); +require_once('Object.php'); -$storage_cache = array(); -class Storage { - private $defaults = array( +class Storage extends ZM_Object { + protected static $table = 'Storage'; + protected $defaults = array( 'Id' => null, 'Path' => '', 'Name' => '', @@ -16,31 +17,12 @@ class Storage { 'ServerId' => 0, 'DoDelete' => 1, ); + public static function find($parameters = array(), $options = array() ) { + return ZM_Object::_find(get_class(), $parameters, $options); + } - public function __construct( $IdOrRow = NULL ) { - global $storage_cache; - - $row = NULL; - if ( $IdOrRow ) { - if ( is_integer($IdOrRow) or is_numeric($IdOrRow) ) { - $row = dbFetchOne('SELECT * FROM Storage WHERE Id=?', NULL, array($IdOrRow)); - if ( ! $row ) { - Error('Unable to load Storage record for Id=' . $IdOrRow); - } - } else if ( is_array($IdOrRow) ) { - $row = $IdOrRow; - } - } - if ( $row ) { - foreach ($row as $k => $v) { - $this->{$k} = $v; - } - $storage_cache[$row['Id']] = $this; - } else { - $this->{'Name'} = ''; - $this->{'Path'} = ''; - $this->{'Type'} = 'local'; - } + public static function find_one( $parameters = array(), $options = array() ) { + return ZM_Object::_find_one(get_class(), $parameters, $options); } public function Path() { @@ -66,93 +48,6 @@ class Storage { return $this->{'Name'}; } - public function __call( $fn, array $args= NULL ) { - if ( count($args) ) { - $this->{$fn} = $args[0]; - } - if ( array_key_exists($fn, $this) ) - return $this->{$fn}; - - if ( array_key_exists($fn, $this->defaults) ) - return $this->defaults{$fn}; - - $backTrace = debug_backtrace(); - $file = $backTrace[0]['file']; - $line = $backTrace[0]['line']; - Warning("Unknown function call Storage->$fn from $file:$line"); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Warning("Unknown function call Storage->$fn from $file:$line"); - } - - public static function find_one( $parameters = null, $options = null ) { - global $storage_cache; - if ( - ( count($parameters) == 1 ) and - isset($parameters['Id']) and - isset($storage_cache[$parameters['Id']]) ) { - return $storage_cache[$parameters['Id']]; - } - - $results = Storage::find($parameters, $options); - if ( count($results) > 1 ) { - Error('Storage Returned more than 1'); - return $results[0]; - } else if ( count($results) ) { - return $results[0]; - } else { - return null; - } - } - public static function find( $parameters = null, $options = null ) { - $sql = 'SELECT * FROM Storage '; - $values = array(); - - if ( $parameters ) { - $fields = array(); - $sql .= 'WHERE '; - foreach ( $parameters as $field => $value ) { - if ( $value == null ) { - $fields[] = $field.' IS NULL'; - } else if ( is_array($value) ) { - $func = function(){return '?';}; - $fields[] = $field.' IN ('.implode(',', array_map($func, $value)).')'; - $values += $value; - - } else { - $fields[] = $field.'=?'; - $values[] = $value; - } - } - $sql .= implode(' AND ', $fields); - } # end if parameters - if ( $options ) { - if ( isset($options['order']) ) { - $sql .= ' ORDER BY ' . $options['order']; - } # end if options - if ( isset($options['limit']) ) { - if ( is_integer($options['limit']) or ctype_digit($options['limit']) ) { - $sql .= ' LIMIT ' . $option['limit']; - } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Error("Invalid value for limit(".$options['limit'].") passed to Control::find from $file:$line"); - return array(); - } - } # end if limit - } # end if options - $storage_areas = array(); - $result = dbQuery($sql, $values); - if ( $result ) { - $results = $result->fetchALL(); - foreach ( $results as $row ) { - $storage_areas[] = new Storage($row); - } - } - return $storage_areas; - } # end find() - public function disk_usage_percent() { $path = $this->Path(); if ( ! $path ) { @@ -226,18 +121,5 @@ class Storage { return $this->{'Server'}; } - public function to_json() { - $json = array(); - foreach ($this->defaults as $key => $value) { - if ( is_callable(array($this, $key)) ) { - $json[$key] = $this->$key(); - } else if ( array_key_exists($key, $this) ) { - $json[$key] = $this->{$key}; - } else { - $json[$key] = $this->defaults{$key}; - } - } - return json_encode($json); - } } // end class Storage ?> From 9b6dedb35d4399bc7e8fc13083d103e1d1ad766f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:58:28 -0400 Subject: [PATCH 296/360] Update Filter saving action to use object set/save etc --- web/includes/actions/filter.php | 37 ++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/web/includes/actions/filter.php b/web/includes/actions/filter.php index 6b3019ee5..8548f21d1 100644 --- a/web/includes/actions/filter.php +++ b/web/includes/actions/filter.php @@ -51,11 +51,30 @@ if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); if ( $action == 'execute' ) { - $tempFilterName = '_TempFilter'.time(); - $sql .= ' Name = \''.$tempFilterName.'\''; - } else { - $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); + $_REQUEST['filter']['Name'] = '_TempFilter'.time(); + unset($_REQUEST['Id']); + #$tempFilterName = '_TempFilter'.time(); + #$sql .= ' Name = \''.$tempFilterName.'\''; + #} else { + #$sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); } + + $_REQUEST['filter']['AutoCopy'] = empty($_REQUEST['filter']['AutoCopy']) ? 0 : 1; + $_REQUEST['filter']['AutoMove'] = empty($_REQUEST['filter']['AutoMove']) ? 0 : 1; + $_REQUEST['filter']['AutoArchive'] = empty($_REQUEST['filter']['AutoArchive']) ? 0 : 1; + $_REQUEST['filter']['AutoVideo'] = empty($_REQUEST['filter']['AutoVideo']) ? 0 : 1; + $_REQUEST['filter']['AutoUpload'] = empty($_REQUEST['filter']['AutoUpload']) ? 0 : 1; + $_REQUEST['filter']['AutoEmail'] = empty($_REQUEST['filter']['AutoEmail']) ? 0 : 1; + $_REQUEST['filter']['AutoMessage'] = empty($_REQUEST['filter']['AutoMessage']) ? 0 : 1; + $_REQUEST['filter']['AutoExecute'] = empty($_REQUEST['filter']['AutoExecute']) ? 0 : 1; + $_REQUEST['filter']['AutoDelete'] = empty($_REQUEST['filter']['AutoDelete']) ? 0 : 1; + $_REQUEST['filter']['UpdateDiskSpace'] = empty($_REQUEST['filter']['UpdateDiskSpace']) ? 0 : 1; + $_REQUEST['filter']['Background'] = empty($_REQUEST['filter']['Background']) ? 0 : 1; + $_REQUEST['filter']['Concurrent'] = empty($_REQUEST['filter']['Concurrent']) ? 0 : 1; + $changes = $filter->changes($_REQUEST['filter']); + ZM\Logger::Debug("Changes: " . print_r($changes,true)); + + if ( 0 ) { $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); $sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); @@ -73,17 +92,25 @@ if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); + } if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { + if ( 0 ) { dbQuery('UPDATE Filters SET '.$sql.' WHERE Id=?', array($_REQUEST['Id'])); + } + $filter->save($changes); if ( $filter->Background() ) $filter->control('stop'); } else { + # COuld be execute + if ( 0 ) { dbQuery('INSERT INTO Filters SET'.$sql); $_REQUEST['Id'] = dbInsertId(); $filter = new ZM\Filter($_REQUEST['Id']); + } + $filter->save($changes); } - if ( !empty($_REQUEST['filter']['Background']) ) + if ( $filter->Background() ) $filter->control('start'); if ( $action == 'execute' ) { From 346933126d822e89d0c75d21545f2ac108a5364f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 09:59:49 -0400 Subject: [PATCH 297/360] Update filter view to use Filter::find --- web/skins/classic/views/filter.php | 61 ++++++++++++++++-------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index 1eb4b71c3..893d1ecbd 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -22,36 +22,35 @@ if ( !canView('Events') ) { $view = 'error'; return; } -require_once 'includes/Filter.php'; +require_once('includes/Object.php'); +require_once('includes/Storage.php'); +require_once('includes/Filter.php'); parseSort(); -$filterNames = array( ''=>translate('ChooseFilter') ); +$filterNames = array(''=>translate('ChooseFilter')); $filter = NULL; -foreach ( dbFetchAll('SELECT * FROM Filters ORDER BY Name') as $row ) { - $filterNames[$row['Id']] = $row['Id'] . ' ' . $row['Name']; - if ( $row['Background'] ) - $filterNames[$row['Id']] .= '*'; - if ( $row['Concurrent'] ) - $filterNames[$row['Id']] .= '&'; +foreach ( ZM\Filter::find(null,array('order'=>'lower(Name)')) as $Filter ) { + $filterNames[$Filter->Id()] = $Filter->Id() . ' ' . $Filter->Name(); + if ( $Filter->Background() ) + $filterNames[$Filter->Id()] .= '*'; + if ( $Filter->Concurrent() ) + $filterNames[$Filter->Id()] .= '&'; - if ( isset($_REQUEST['Id']) && $_REQUEST['Id'] == $row['Id'] ) { - $filter = new ZM\Filter($row); + if ( isset($_REQUEST['Id']) && ($_REQUEST['Id'] == $Filter->Id()) ) { + $filter = $Filter; } } -if ( ! $filter ) { +if ( !$filter ) { $filter = new ZM\Filter(); } -if ( isset($_REQUEST['sort_field']) && isset($_REQUEST['filter']) ) { - $_REQUEST['filter']['Query']['sort_field'] = $_REQUEST['sort_field']; - $_REQUEST['filter']['Query']['sort_asc'] = $_REQUEST['sort_asc']; - $_REQUEST['filter']['Query']['limit'] = $_REQUEST['limit']; -} +ZM\Logger::Debug("Query: " . $filter->Query_json()); +ZM\Logger::Debug("Query: " . print_r($filter->Query(), true)); if ( isset($_REQUEST['filter']) ) { - $filter->set($_REQUEST['filter']); # Update our filter object with whatever changes we have made before saving + #$filter->set($_REQUEST['filter']); } $conjunctionTypes = getFilterQueryConjunctionTypes(); @@ -97,12 +96,13 @@ $attrTypes = array( 'DiskPercent' => translate('AttrDiskPercent'), 'DiskSpace' => translate('AttrDiskSpace'), 'SystemLoad' => translate('AttrSystemLoad'), - 'StorageId' => translate('AttrStorageArea'), - 'ServerId' => translate('AttrMonitorServer'), + 'StorageId' => translate('AttrStorageArea'), + 'SecondaryStorageId' => translate('AttrSecondaryStorageArea'), + 'ServerId' => translate('AttrMonitorServer'), 'FilterServerId' => translate('AttrFilterServer'), 'MonitorServerId' => translate('AttrMonitorServer'), 'StorageServerId' => translate('AttrStorageServer'), - 'StateId' => translate('AttrStateId'), + 'StateId' => translate('AttrStateId'), ); $opTypes = array( @@ -127,27 +127,24 @@ $archiveTypes = array( $focusWindow = true; -$storageareas = array('' => 'All'); -//$storageareas[0] = 'Default ' . ZM_DIR_EVENTS; -foreach ( dbFetchAll('SELECT Id,Name FROM Storage ORDER BY lower(Name) ASC') as $storage ) { - $storageareas[$storage['Id']] = $storage['Name']; -} +$storageareas = array('' => 'All') + ZM\ZM_Object::Objects_Indexed_By_Id('ZM\Storage'); + $weekdays = array(); for ( $i = 0; $i < 7; $i++ ) { $weekdays[$i] = strftime('%A', mktime(12, 0, 0, 1, $i+1, 2001)); } $states = array(); -foreach ( dbFetchAll('SELECT Id, Name FROM States ORDER BY lower(Name) ASC') as $state_row ) { +foreach ( dbFetchAll('SELECT `Id`, `Name` FROM `States` ORDER BY lower(`Name`) ASC') as $state_row ) { $states[$state_row['Id']] = validHtmlStr($state_row['Name']); } $servers = array(); $servers['ZM_SERVER_ID'] = 'Current Server'; $servers['NULL'] = 'No Server'; -foreach ( dbFetchAll('SELECT Id, Name FROM Servers ORDER BY lower(Name) ASC') as $server ) { +foreach ( dbFetchAll('SELECT `Id`, `Name` FROM `Servers` ORDER BY lower(`Name`) ASC') as $server ) { $servers[$server['Id']] = validHtmlStr($server['Name']); } $monitors = array(); -foreach ( dbFetchAll('SELECT Id, Name FROM Monitors ORDER BY Name ASC') as $monitor ) { +foreach ( dbFetchAll('SELECT `Id`, `Name` FROM `Monitors` ORDER BY lower(`Name`) ASC') as $monitor ) { if ( visibleMonitor($monitor['Id']) ) { $monitors[$monitor['Name']] = validHtmlStr($monitor['Name']); } @@ -391,7 +388,13 @@ if ( ZM_OPT_MESSAGE ) { AutoDelete() ) { ?> checked="checked" data-on-click-this="updateButtons"/>

-

+

+ + AutoCopy() ) { ?> checked="checked" data-on-click-this="click_autocopy"/> + AutoCopyTo(), $filter->AutoCopy() ? null : array('style'=>'display:none;')); ?> +

+

+ AutoMove() ) { ?> checked="checked" data-on-click-this="click_automove"/> AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;')); ?>

From 0e040fc2fcbafd57682f319f577ceea47e2bfea3 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 10:00:05 -0400 Subject: [PATCH 298/360] Add click_autocopy function --- web/skins/classic/views/js/filter.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js index 49a882ee6..36d1e09d5 100644 --- a/web/skins/classic/views/js/filter.js +++ b/web/skins/classic/views/js/filter.js @@ -72,6 +72,15 @@ function click_automove(element) { } } +function click_autocopy(element) { + updateButtons(this); + if ( this.checked ) { + $j(this.form.elements['filter[AutoCopyTo]']).css('display', 'inline'); + } else { + this.form.elements['filter[AutoCopyTo]'].hide(); + } +} + function checkValue( element ) { var rows = $j(element).closest('tbody').children(); parseRows(rows); From df0aef89affbc8a0cb6e31bf5395a3f03892f255 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 10:03:28 -0400 Subject: [PATCH 299/360] gracefully handle when window[fnName] doesn't exist --- web/skins/classic/js/skin.js | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/web/skins/classic/js/skin.js b/web/skins/classic/js/skin.js index d39062087..c29ef4a84 100644 --- a/web/skins/classic/js/skin.js +++ b/web/skins/classic/js/skin.js @@ -144,7 +144,7 @@ window.addEventListener("DOMContentLoaded", function onSkinDCL() { el.addEventListener("click", function onClick(evt) { var el = this; var url; - if (el.hasAttribute("href")) { + if ( el.hasAttribute("href") ) { // url = el.getAttribute("href"); } else { @@ -167,12 +167,20 @@ window.addEventListener("DOMContentLoaded", function onSkinDCL() { // 'data-on-click-this' calls the global function in the attribute value with the element when a click happens. document.querySelectorAll("a[data-on-click-this], button[data-on-click-this], input[data-on-click-this]").forEach(function attachOnClick(el) { var fnName = el.getAttribute("data-on-click-this"); + if ( !window[fnName] ) { + console.error("Nothing found to bind to " + fnName); + return; + } el.onclick = window[fnName].bind(el, el); }); // 'data-on-click' calls the global function in the attribute value with no arguments when a click happens. document.querySelectorAll("a[data-on-click], button[data-on-click], input[data-on-click]").forEach(function attachOnClick(el) { var fnName = el.getAttribute("data-on-click"); + if ( !window[fnName] ) { + console.error("Nothing found to bind to " + fnName); + return; + } el.onclick = function() { window[fnName](); }; @@ -181,6 +189,10 @@ window.addEventListener("DOMContentLoaded", function onSkinDCL() { // 'data-on-click-true' calls the global function in the attribute value with no arguments when a click happens. document.querySelectorAll("a[data-on-click-true], button[data-on-click-true], input[data-on-click-true]").forEach(function attachOnClick(el) { var fnName = el.getAttribute("data-on-click-true"); + if ( !window[fnName] ) { + console.error("Nothing found to bind to " + fnName); + return; + } el.onclick = function() { window[fnName](true); }; @@ -189,12 +201,20 @@ window.addEventListener("DOMContentLoaded", function onSkinDCL() { // 'data-on-change-this' calls the global function in the attribute value with the element when a change happens. document.querySelectorAll("select[data-on-change-this], input[data-on-change-this]").forEach(function attachOnChangeThis(el) { var fnName = el.getAttribute("data-on-change-this"); + if ( !window[fnName] ) { + console.error("Nothing found to bind to " + fnName); + return; + } el.onchange = window[fnName].bind(el, el); }); // 'data-on-change' adds an event listener for the global function in the attribute value when a change happens. document.querySelectorAll("select[data-on-change], input[data-on-change]").forEach(function attachOnChange(el) { var fnName = el.getAttribute("data-on-change"); + if ( !window[fnName] ) { + console.error("Nothing found to bind to " + fnName); + return; + } el.onchange = window[fnName]; }); }); From 88beb46c3e645491d93c157be5d6af10b37d16c8 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 10:04:15 -0400 Subject: [PATCH 300/360] Add FilterCopyEvents --- web/lang/en_gb.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 4001c456e..526486921 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -356,6 +356,7 @@ $SLANG = array( 'FilterArchiveEvents' => 'Archive all matches', 'FilterUpdateDiskSpace' => 'Update used disk space', 'FilterDeleteEvents' => 'Delete all matches', + 'FilterCopyEvents' => 'Copy all matches', 'FilterMoveEvents' => 'Move all matches', 'FilterEmailEvents' => 'Email details of all matches', 'FilterExecuteEvents' => 'Execute command on all matches', From 49621bf6529173843261ac542e9306793f9f641d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 12:58:03 -0400 Subject: [PATCH 301/360] Only parse Sql if there is a Query in the filter --- scripts/ZoneMinder/lib/ZoneMinder/Filter.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm index 8383e43b7..fd6dd59dc 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Filter.pm @@ -132,6 +132,10 @@ sub Sql { my $self = shift; $$self{Sql} = shift if @_; if ( ! $$self{Sql} ) { + if ( !$self->{Query} ) { + Warning('No Query in filter.'); + return; + } my $filter_expr = ZoneMinder::General::jsonDecode($self->{Query}); my $sql = 'SELECT E.*, unix_timestamp(E.StartTime) as Time, From bb653b172c59d37e63844494a933e853e7cc94ca Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 23 Jul 2019 14:34:26 -0400 Subject: [PATCH 302/360] Use hires time to give better bandwidth reporitng --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index e1516f1f5..27c157359 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -41,6 +41,7 @@ require Number::Bytes::Human; require Date::Parse; require POSIX; use Date::Format qw(time2str); +use Time::HiRes qw(gettimeofday tv_interval); #our @ISA = qw(ZoneMinder::Object); use parent qw(ZoneMinder::Object); @@ -595,7 +596,7 @@ Debug("Files to move @files"); for my $file (@files) { next if $file =~ /^\./; ( $file ) = ( $file =~ /^(.*)$/ ); # De-taint - my $starttime = time; + my $starttime = [gettimeofday]; Debug("Moving file $file to $NewPath"); my $size = -s $file; if ( ! $size ) { @@ -607,10 +608,10 @@ Debug("Files to move @files"); } my $filename = $event_path.'/'.File::Basename::basename($file); - if ( ! $bucket->add_key( $filename, $file_contents ) ) { + if ( ! $bucket->add_key($filename, $file_contents) ) { die "Unable to add key for $filename"; } - my $duration = time - $starttime; + my $duration = tv_interval($starttime); Debug('PUT to S3 ' . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . Number::Bytes::Human::format_bytes($duration?$size/$duration:$size) . '/sec'); } # end foreach file. @@ -621,13 +622,13 @@ Debug("Files to move @files"); } # end if s3 my $error = ''; - if ( ! $moved ) { - File::Path::make_path( $NewPath, {error => \my $err} ); + if ( !$moved ) { + File::Path::make_path($NewPath, {error => \my $err}); if ( @$err ) { for my $diag (@$err) { my ($file, $message) = %$diag; next if $message eq 'File exists'; - if ($file eq '') { + if ( $file eq '' ) { $error .= "general error: $message\n"; } else { $error .= "problem making $file: $message\n"; @@ -641,20 +642,20 @@ Debug("Files to move @files"); my @files = glob("$OldPath/*"); if ( ! @files ) { $ZoneMinder::Database::dbh->commit(); - return "No files to move."; + return 'No files to move.'; } for my $file (@files) { next if $file =~ /^\./; ( $file ) = ( $file =~ /^(.*)$/ ); # De-taint - my $starttime = time; + my $starttime = [gettimeofday]; Debug("Moving file $file to $NewPath"); my $size = -s $file; if ( ! File::Copy::copy( $file, $NewPath ) ) { $error .= "Copy failed: for $file to $NewPath: $!"; last; } - my $duration = time - $starttime; + my $duration = tv_interval($starttime); Debug('Copied ' . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . ($duration?Number::Bytes::Human::format_bytes($size/$duration):'inf') . '/sec'); } # end foreach file. } # end if ! moved From 98922b6788dfdc1f1d58a608fa75c66ecfd0e2f2 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 09:37:16 -0400 Subject: [PATCH 303/360] Add SecondaryStorageId to Event so that we can update it --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 29 ++++++++++++---------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index 27c157359..fd1c8297d 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -64,6 +64,7 @@ $serial = $primary_key = 'Id'; Id MonitorId StorageId + SecondaryStorageId Name Cause StartTime @@ -117,7 +118,7 @@ sub Time { } sub getPath { - return Path( @_ ); + return Path(@_); } sub Path { @@ -132,7 +133,7 @@ sub Path { if ( ! $$event{Path} ) { my $Storage = $event->Storage(); - $$event{Path} = join('/', $Storage->Path(), $event->RelativePath() ); + $$event{Path} = join('/', $Storage->Path(), $event->RelativePath()); } return $$event{Path}; } @@ -164,7 +165,8 @@ sub RelativePath { if ( $event->Time() ) { $$event{RelativePath} = join('/', $event->{MonitorId}, - POSIX::strftime( '%y/%m/%d/%H/%M/%S', + POSIX::strftime( + '%y/%m/%d/%H/%M/%S', localtime($event->Time()) ), ); @@ -204,7 +206,8 @@ sub LinkPath { if ( $event->Time() ) { $$event{LinkPath} = join('/', $event->{MonitorId}, - POSIX::strftime( '%y/%m/%d', + POSIX::strftime( + '%y/%m/%d', localtime($event->Time()) ), '.'.$$event{Id} @@ -256,8 +259,8 @@ sub createIdFile { sub GenerateVideo { my ( $self, $rate, $fps, $scale, $size, $overwrite, $format ) = @_; - my $event_path = $self->Path( ); - chdir( $event_path ); + my $event_path = $self->Path(); + chdir($event_path); ( my $video_name = $self->{Name} ) =~ s/\s/_/g; my @file_parts; @@ -283,10 +286,10 @@ sub GenerateVideo { $file_scale =~ s/_00//; $file_scale =~ s/(_\d+)0+$/$1/; $file_scale = 's'.$file_scale; - push( @file_parts, $file_scale ); + push @file_parts, $file_scale; } elsif ( $size ) { my $file_size = 'S'.$size; - push( @file_parts, $file_size ); + push @file_parts, $file_size; } my $video_file = join('-', $video_name, $file_parts[0], $file_parts[1] ).'.'.$format; if ( $overwrite || !-s $video_file ) { @@ -537,9 +540,9 @@ sub CopyTo { # We do this before bothering to lock the event my ( $NewPath ) = ( $NewStorage->Path() =~ /^(.*)$/ ); # De-taint if ( ! $$NewStorage{Id} ) { - return "New storage does not have an id. Moving will not happen."; + return 'New storage does not have an id. Moving will not happen.'; } elsif ( $$NewStorage{Id} == $$self{StorageId} ) { - return "Event is already located at " . $NewPath; + return 'Event is already located at ' . $NewPath; } elsif ( !$NewPath ) { return "New path ($NewPath) is empty."; } elsif ( ! -e $NewPath ) { @@ -551,7 +554,7 @@ sub CopyTo { # data is reloaded, so need to check that the move hasn't already happened. if ( $$self{StorageId} == $$NewStorage{Id} ) { $ZoneMinder::Database::dbh->commit(); - return "Event has already been moved by someone else."; + return 'Event has already been moved by someone else.'; } if ( $$OldStorage{Id} != $$self{StorageId} ) { @@ -586,13 +589,13 @@ sub CopyTo { } my $event_path = 'events/'.$self->RelativePath(); -Info("Making dir ectory $event_path/"); + Debug("Making directory $event_path/"); if ( ! $bucket->add_key( $event_path.'/','' ) ) { die "Unable to add key for $event_path/"; } my @files = glob("$OldPath/*"); -Debug("Files to move @files"); + Debug("Files to move @files"); for my $file (@files) { next if $file =~ /^\./; ( $file ) = ( $file =~ /^(.*)$/ ); # De-taint From 99f78c50af9a981276e29a6fab92c4b0a48f3dfb Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 09:37:38 -0400 Subject: [PATCH 304/360] Add Updating SecondaryStorageId when using CopyTo --- scripts/zmfilter.pl.in | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 0b8812c87..b3da3bb68 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -346,10 +346,20 @@ sub checkFilter { Error($_) if $_; } if ( $filter->{AutoCopy} ) { - my $NewStorage = new ZoneMinder::Storage($filter->{AutoCopyTo}); - $_ = $Event->CopyTo($NewStorage); - Error($_) if $_; - } + # Copy To is different from MoveTo in that it JUST copies the files + # So we still need to update the Event object with the new SecondaryStorageId + my $NewStorage = ZoneMinder::Storage->find_one($filter->{AutoCopyTo}); + if ( $NewStorage ) { + $_ = $Event->CopyTo($NewStorage); + if ( $_ ) { + Error($_); + } else { + $Event->save({SecondaryStorageId=>$$NewStorage{Id}}); + } + } else { + Error("No storage area found for copy to operation. AutoCopyTo was $$filter{AutoCopyTo}"); + } + } # end if AutoCopy if ( $filter->{UpdateDiskSpace} ) { $ZoneMinder::Database::dbh->begin_work(); @@ -368,7 +378,7 @@ sub checkFilter { $ZoneMinder::Database::dbh->commit(); } # end if UpdateDiskSpace } # end foreach event -} +} # end sub checkFilter sub generateVideo { my $filter = shift; From 2d556e6402b9430ff156abd8e441f0b03add487e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 10:52:32 -0400 Subject: [PATCH 305/360] Add SecondaryStorageId to Events --- db/zm_create.sql.in | 1 + 1 file changed, 1 insertion(+) diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index d1952f66a..113d434ff 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -186,6 +186,7 @@ CREATE TABLE `Events` ( `Id` bigint unsigned NOT NULL auto_increment, `MonitorId` int(10) unsigned NOT NULL default '0', `StorageId` smallint(5) unsigned default 0, + `SecondaryStorageId` smallint(5) unsigned default 0, `Name` varchar(64) NOT NULL default '', `Cause` varchar(32) NOT NULL default '', `StartTime` datetime default NULL, From 57133691e91c8898bd3700c3a68908fdc02f1349 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 10:53:23 -0400 Subject: [PATCH 306/360] Add update script for SecondaryStorageArea capability in Events and Filters --- db/zm_update-1.33.14.sql | 51 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 db/zm_update-1.33.14.sql diff --git a/db/zm_update-1.33.14.sql b/db/zm_update-1.33.14.sql new file mode 100644 index 000000000..83d0cfbba --- /dev/null +++ b/db/zm_update-1.33.14.sql @@ -0,0 +1,51 @@ +-- +-- Add CopyTo action to Filters +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Filters' + AND column_name = 'AutoCopy' + ) > 0, +"SELECT 'Column AutoCopy already exists in Filters'", +"ALTER TABLE Filters ADD `AutoCopy` tinyint(3) unsigned NOT NULL default '0' AFTER `AutoMove`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Filters' + AND column_name = 'AutoCopyTo' + ) > 0, +"SELECT 'Column AutoCopyTo already exists in Filters'", +"ALTER TABLE Filters ADD `AutoCopyTo` smallint(5) unsigned NOT NULL default '0' AFTER `AutoCopy`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Filters' + AND column_name = 'Query_json' + ) > 0, +"SELECT 'Column Query_json already exists in Filters'", +"ALTER TABLE `Filters` Change `Query` `Query_json` text NOT NULL" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Events' + AND column_name = 'SecondaryStorageId' + ) > 0, +"SELECT 'Column SecondaryStorageId already exists in Events'", +"ALTER TABLE `Events` ADD `SecondaryStorageId` smallint(5) unsigned default 0 AFTER `StorageId`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; From afa02e436d6bddffa202fada5f74162d5dda4730 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 10:53:56 -0400 Subject: [PATCH 307/360] Upgrade Storage perl object to use parent Object::find --- scripts/ZoneMinder/lib/ZoneMinder/Storage.pm | 47 +------------------- 1 file changed, 2 insertions(+), 45 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Storage.pm b/scripts/ZoneMinder/lib/ZoneMinder/Storage.pm index 1f7c1b9fe..17d196f92 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Storage.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Storage.pm @@ -46,56 +46,13 @@ use ZoneMinder::Database qw(:all); use POSIX; -use vars qw/ $table $primary_key /; +use vars qw/ $table $primary_key %fields/; $table = 'Storage'; $primary_key = 'Id'; #__PACKAGE__->table('Storage'); #__PACKAGE__->primary_key('Id'); +%fields = map { $_ => $_ } qw( Id Name Path DoDelete ServerId Type Url DiskSpace Scheme ); -sub find { - shift if $_[0] eq 'ZoneMinder::Storage'; - my %sql_filters = @_; - - my $sql = 'SELECT * FROM Storage'; - my @sql_filters; - my @sql_values; - - if ( exists $sql_filters{Id} ) { - push @sql_filters , ' Id=? '; - push @sql_values, $sql_filters{Id}; - } - if ( exists $sql_filters{Name} ) { - push @sql_filters , ' Name = ? '; - push @sql_values, $sql_filters{Name}; - } - if ( exists $sql_filters{ServerId} ) { - push @sql_filters, ' ServerId = ?'; - push @sql_values, $sql_filters{ServerId}; - } - - - $sql .= ' WHERE ' . join(' AND ', @sql_filters) if @sql_filters; - $sql .= ' LIMIT ' . $sql_filters{limit} if $sql_filters{limit}; - - my $sth = $ZoneMinder::Database::dbh->prepare_cached( $sql ) - or Fatal( "Can't prepare '$sql': ".$ZoneMinder::Database::dbh->errstr() ); - my $res = $sth->execute( @sql_values ) - or Fatal( "Can't execute '$sql': ".$sth->errstr() ); - - my @results; - - while( my $db_filter = $sth->fetchrow_hashref() ) { - my $filter = new ZoneMinder::Storage( $$db_filter{Id}, $db_filter ); - push @results, $filter; - } # end while - Debug("SQL: $sql returned " . @results . ' results'); - return @results; -} - -sub find_one { - my @results = find(@_); - return $results[0] if @results; -} sub Path { if ( @_ > 1 ) { From 58851d23d2b4780f2da15f7e5f26cb033edeef30 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:22:55 -0400 Subject: [PATCH 308/360] Add Secondary Storage support to the Event object --- web/includes/Event.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/web/includes/Event.php b/web/includes/Event.php index 1b996a839..dc7dd3575 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -12,6 +12,7 @@ class Event { 'Name', 'MonitorId', 'StorageId', +'SecondaryStorageId', 'Name', 'Cause', 'StartTime', @@ -85,6 +86,19 @@ class Event { return $this->{'Storage'}; } + public function SecondaryStorage( $new = null ) { + if ( $new ) { + $this->{'SecondaryStorage'} = $new; + } + if ( ! ( array_key_exists('SecondaryStorage', $this) and $this->{'SecondaryStorage'} ) ) { + if ( isset($this->{'SecondaryStorageId'}) and $this->{'SecondaryStorageId'} ) + $this->{'SecondaryStorage'} = Storage::find_one(array('Id'=>$this->{'SecondaryStorageId'})); + if ( ! ( array_key_exists('SecondaryStorage', $this) and $this->{'SecondaryStorage'} ) ) + $this->{'SecondaryStorage'} = new Storage(NULL); + } + return $this->{'SecondaryStorage'}; + } + public function Monitor() { if ( isset($this->{'MonitorId'}) ) { $Monitor = Monitor::find_one(array('Id'=>$this->{'MonitorId'})); From aff081ad41c127133737fb4d7feb7add9fb39539 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:23:13 -0400 Subject: [PATCH 309/360] Must commit after COpyTo to release locks --- scripts/zmfilter.pl.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index b3da3bb68..5cba8f1d4 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -348,13 +348,15 @@ sub checkFilter { if ( $filter->{AutoCopy} ) { # Copy To is different from MoveTo in that it JUST copies the files # So we still need to update the Event object with the new SecondaryStorageId - my $NewStorage = ZoneMinder::Storage->find_one($filter->{AutoCopyTo}); + my $NewStorage = ZoneMinder::Storage->find_one(Id=>$filter->{AutoCopyTo}); if ( $NewStorage ) { $_ = $Event->CopyTo($NewStorage); if ( $_ ) { + $ZoneMinder::Database::dbh->commit(); Error($_); } else { $Event->save({SecondaryStorageId=>$$NewStorage{Id}}); + $ZoneMinder::Database::dbh->commit(); } } else { Error("No storage area found for copy to operation. AutoCopyTo was $$filter{AutoCopyTo}"); From 341f4adbdfaedd093869a009754f46a0a2c6f58d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:23:38 -0400 Subject: [PATCH 310/360] Functions that change the Query must reset Query_json as well --- web/includes/Filter.php | 46 ++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/web/includes/Filter.php b/web/includes/Filter.php index f8b06d4e5..d59ecda7c 100644 --- a/web/includes/Filter.php +++ b/web/includes/Filter.php @@ -23,29 +23,33 @@ class Filter extends ZM_Object { 'UpdateDiskSpace' => 0, 'Background' => 0, 'Concurrent' => 0, - #'limit' => 100, 'Query_json' => '', - #'sort_field' => ZM_WEB_EVENT_SORT_FIELD, - #'sort_asc' => ZM_WEB_EVENT_SORT_ORDER, ); - public function Query($new = -1) { - if ( $new and ( $new != -1 ) ) { - $this->{'Query'} = $new; - $this->{'Query_json'} = jsonEncode($new); - Logger::Debug("Setting Query to " . $this->{'Query_json'}); + public function Query_json() { + if ( func_num_args( ) ) { + $this->{'Query_json'} = func_get_arg(0);; + $this->{'Query'} = jsonDecode($this->{'Query_json'}); + } + return $this->{'Query_json'}; + } + + public function Query() { + if ( func_num_args( ) ) { + $this->{'Query'} = func_get_arg(0);; + $this->{'Query_json'} = jsonEncode($this->{'Query'}); } if ( !array_key_exists('Query', $this) ) { if ( array_key_exists('Query_json', $this) and $this->{'Query_json'} ) { $this->{'Query'} = jsonDecode($this->{'Query_json'}); - Logger::Debug("Decoded Query already" . print_r($this->{'Query'}, true )); - } else { - Logger::Debug("No Have Query_json already"); $this->{'Query'} = array(); } } else { - Logger::Debug("Have Query already" . print_r($this->{'Query'}, true )); + if ( !is_array($this->{'Query'}) ) { + # Handle existence of both Query_json and Query in the row + $this->{'Query'} = jsonDecode($this->{'Query_json'}); + } } return $this->{'Query'}; } @@ -59,8 +63,10 @@ class Filter extends ZM_Object { } public function terms( ) { - if ( func_num_args( ) ) { - $this->Query()['terms'] = func_get_arg(0); + if ( func_num_args() ) { + $Query = $this->Query(); + $Query['terms'] = func_get_arg(0); + $this->Query($Query); } if ( isset( $this->Query()['terms'] ) ) { return $this->Query()['terms']; @@ -71,7 +77,9 @@ class Filter extends ZM_Object { // The following three fields are actually stored in the Query public function sort_field( ) { if ( func_num_args( ) ) { - $this->Query()['sort_field'] = func_get_arg(0); + $Query = $this->Query(); + $Query['sort_field'] = func_get_arg(0); + $this->Query($Query); } if ( isset( $this->Query()['sort_field'] ) ) { return $this->{'Query'}['sort_field']; @@ -82,7 +90,9 @@ class Filter extends ZM_Object { public function sort_asc( ) { if ( func_num_args( ) ) { - $this->Query()['sort_asc'] = func_get_arg(0); + $Query = $this->Query(); + $Query['sort_asc'] = func_get_arg(0); + $this->Query($Query); } if ( isset( $this->Query()['sort_asc'] ) ) { return $this->{'Query'}['sort_asc']; @@ -93,7 +103,9 @@ class Filter extends ZM_Object { public function limit( ) { if ( func_num_args( ) ) { - $this->{'Query'}['limit'] = func_get_arg(0); + $Query = $this->Query(); + $Query['limit'] = func_get_arg(0); + $this->Query($Query); } if ( isset( $this->Query()['limit'] ) ) return $this->{'Query'}['limit']; From e3a9d5d48875c6cf8e24f73dc9f0d880a49e0a08 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:24:14 -0400 Subject: [PATCH 311/360] Rewrite changes to run through the keys of the passed in new values array, and handle object methods as well as basic values --- web/includes/Object.php | 46 +++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/web/includes/Object.php b/web/includes/Object.php index 041b45bed..2b58928d9 100644 --- a/web/includes/Object.php +++ b/web/includes/Object.php @@ -171,19 +171,43 @@ class ZM_Object { public function changes( $new_values ) { $changes = array(); - foreach ( $this->defaults as $field=>$default_value ) { - if ( array_key_exists($field, $new_values) ) { - Logger::Debug("Checking default $field => $default_value exists in new values :".$this->{$field} . " " .$new_values[$field]); - if ( (!array_key_exists($field, $this)) or ( $this->{$field} != $new_values[$field] ) ) { - Logger::Debug("Checking default $field => $default_value changes becaause" . $new_values[$field].' != '.$new_values[$field]); - $changes[$field] = $new_values[$field]; - #} else if { - Logger::Debug("Checking default $field => $default_value changes becaause " . $new_values[$field].' != '.$new_values[$field]); - #array_push( $changes, [$field=>$defaults[$field]] ); + foreach ( $new_values as $field => $value ) { + + if ( method_exists($this, $field) ) { + $old_value = $this->$field(); + Logger::Debug("Checking method $field () ".print_r($old_value,true)." => " . print_r($value,true)); + if ( is_array($old_value) ) { + $diff = array_recursive_diff($old_value, $value); + Logger::Debug("Checking method $field () diff is".print_r($diff,true)); + if ( count($diff) ) { + $changes[$field] = $value; + } + } else if ( $this->$field() != $value ) { + $changes[$field] = $value; + } + } else if ( array_key_exists($field, $this) ) { + Logger::Debug("Checking field $field => ".$this->{$field} . " ?= " .$value); + if ( $this->{$field} != $value ) { + $changes[$field] = $value; + } + } else if ( array_key_exists($field, $this->defaults) ) { + + Logger::Debug("Checking default $field => ".$this->defaults[$field] . " " .$value); + if ( $this->defaults[$field] != $value ) { + $changes[$field] = $value; } - } else { - Logger::Debug("Checking default $field => $default_value not in new_values"); } + + #if ( (!array_key_exists($field, $this)) or ( $this->{$field} != $new_values[$field] ) ) { + #Logger::Debug("Checking default $field => $default_value changes becaause" . $new_values[$field].' != '.$new_values[$field]); + #$changes[$field] = $new_values[$field]; + ##} else if { + #Logger::Debug("Checking default $field => $default_value changes becaause " . $new_values[$field].' != '.$new_values[$field]); + ##array_push( $changes, [$field=>$defaults[$field]] ); + #} + #} else { + #Logger::Debug("Checking default $field => $default_value not in new_values"); + #} } # end foreach default return $changes; } # end public function changes From 45afc2a534878b86ae10928fc4241c1f9acad36c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:24:37 -0400 Subject: [PATCH 312/360] introduce array_recursive_diff which we use to compare two arrays in Object::changes --- web/includes/functions.php | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/web/includes/functions.php b/web/includes/functions.php index 867861ffe..9e0655933 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -2518,4 +2518,45 @@ function format_duration($time, $separator=':') { return sprintf('%02d%s%02d%s%02d', floor($time/3600), $separator, ($time/60)%60, $separator, $time%60); } +function array_recursive_diff($aArray1, $aArray2) { + $aReturn = array(); + + foreach ($aArray1 as $mKey => $mValue) { + if ( array_key_exists($mKey, $aArray2) ) { + if ( is_array($mValue) ) { + $aRecursiveDiff = array_recursive_diff($mValue, $aArray2[$mKey]); + if ( count($aRecursiveDiff) ) { + $aReturn[$mKey] = $aRecursiveDiff; + } + } else { + if ( $mValue != $aArray2[$mKey] ) { + $aReturn[$mKey] = $mValue; + } + } + } else { + $aReturn[$mKey] = $mValue; + } + } + # Now check for keys in array2 that are not in array1 + foreach ($aArray2 as $mKey => $mValue) { + if ( array_key_exists($mKey, $aArray1) ) { + # Already checked it... I think. + #if ( is_array($mValue) ) { + #$aRecursiveDiff = array_recursive_diff($mValue, $aArray2[$mKey]); + #if ( count($aRecursiveDiff) ) { + #$aReturn[$mKey] = $aRecursiveDiff; + #} + #} else { + #if ( $mValue != $aArray2[$mKey] ) { + #$aReturn[$mKey] = $mValue; + #} + #} + } else { + $aReturn[$mKey] = $mValue; + } + } + + return $aReturn; +} + ?> From 1254e8ab67d0c90ee0b6b98b3496e5ad70036c78 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:24:50 -0400 Subject: [PATCH 313/360] Add AttrSecondaryStorageArea to lang --- web/lang/en_gb.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 526486921..0e575fd1f 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -132,6 +132,7 @@ $SLANG = array( 'AttrMaxScore' => 'Max. Score', 'AttrMonitorId' => 'Monitor Id', 'AttrMonitorName' => 'Monitor Name', + 'AttrSecondaryStorageArea' => 'Secondary Storage Area', 'AttrStorageArea' => 'Storage Area', 'AttrFilterServer' => 'Server Filter is Running On', 'AttrMonitorServer' => 'Server Monitor is Running On', From 1a0beab70336397109379197de3b253c01d2642c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:25:38 -0400 Subject: [PATCH 314/360] add Secondary Storage Area options. Storage array is now an array of Objects so use the Name key --- web/skins/classic/views/js/filter.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js index 36d1e09d5..99e8a9c03 100644 --- a/web/skins/classic/views/js/filter.js +++ b/web/skins/classic/views/js/filter.js @@ -209,10 +209,10 @@ function parseRows(rows) { } var serverVal = inputTds.eq(4).children().val(); inputTds.eq(4).html(serverSelect).children().val(serverVal).chosen({width: "101%"}); - } else if ( attr == 'StorageId' ) { //Choose by storagearea + } else if ( (attr == 'StorageId') || (attr == 'SecondaryStorageId') ) { //Choose by storagearea var storageSelect = $j('').attr('name', queryPrefix + rowNum + '][val]').attr('id', queryPrefix + rowNum + '][val]'); for ( key in storageareas ) { - storageSelect.append(''); + storageSelect.append(''); } var storageVal = inputTds.eq(4).children().val(); inputTds.eq(4).html(storageSelect).children().val(storageVal).chosen({width: "101%"}); From 2d46f2adaba3747401d96cd8549916a739e8d696 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:25:51 -0400 Subject: [PATCH 315/360] add Secondary Storage Area options. --- web/skins/classic/views/filter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index 893d1ecbd..2f159230e 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -270,7 +270,7 @@ for ( $i=0; $i < count($terms); $i++ ) { From 39262d55f5914004a2ae41a273bb7631d96294ec Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 24 Jul 2019 11:26:07 -0400 Subject: [PATCH 316/360] Also show secondary storage area when viewing event --- web/skins/classic/views/event.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php index b09f88acc..f0a6e343c 100644 --- a/web/skins/classic/views/event.php +++ b/web/skins/classic/views/event.php @@ -134,7 +134,11 @@ if ( ! $Event->Id() ) { Length().'s' ?> Frames() ?>/AlarmFrames() ?> TotScore() ?>/AvgScore() ?>/MaxScore() ?> - DiskSpace(null)) . ' on ' . $Event->Storage()->Name() ?> + +DiskSpace(null)) . ' on ' . $Event->Storage()->Name(). + ( $Event->SecondaryStorageId() ? ', ' . $Event->SecondaryStorage()->Name() :'' ) +?>
From 847cd9f34758cc11a54e44f318ad542d54d63755 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 08:36:37 -0400 Subject: [PATCH 193/360] Print out an error when a monitor is in MONITOR mode because we can't handle alarms. Allow signals to terminate zmu by checking zm_terminate. --- src/zmu.cpp | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/zmu.cpp b/src/zmu.cpp index 07f9ae8aa..bd70f8337 100644 --- a/src/zmu.cpp +++ b/src/zmu.cpp @@ -571,14 +571,18 @@ int main(int argc, char *argv[]) { monitor->DumpZoneImage(zoneString); } if ( function & ZMU_ALARM ) { - if ( verbose ) - printf("Forcing alarm on\n"); - monitor->ForceAlarmOn(config.forced_alarm_score, "Forced Web"); - while ( monitor->GetState() != Monitor::ALARM ) { - // Wait for monitor to notice. - usleep(1000); - } - printf("Alarmed event id: %" PRIu64 "\n", monitor->GetLastEventId()); + if ( monitor->GetFunction() == Monitor::Function::MONITOR ) { + printf("A Monitor in monitor mode cannot handle alarms. Please use NoDect\n"); + } else { + if ( verbose ) + printf("Forcing alarm on\n"); + monitor->ForceAlarmOn(config.forced_alarm_score, "Forced Web"); + while ( (monitor->GetState() != Monitor::ALARM) && !zm_terminate ) { + // Wait for monitor to notice. + usleep(1000); + } + printf("Alarmed event id: %" PRIu64 "\n", monitor->GetLastEventId()); + } // end if ! MONITOR } if ( function & ZMU_NOALARM ) { if ( verbose ) From 9727d0ed9f61b371c53ae15a74d0eac2a6ea4ef9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 09:21:44 -0400 Subject: [PATCH 194/360] spaces --- src/zm_ffmpeg_camera.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index edf338f6e..4b0bb7c9e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -458,9 +458,9 @@ int FfmpegCamera::OpenFfmpeg() { } } // end foreach stream if ( mVideoStreamId == -1 ) - Fatal( "Unable to locate video stream in %s", mPath.c_str() ); + Fatal("Unable to locate video stream in %s", mPath.c_str()); if ( mAudioStreamId == -1 ) - Debug( 3, "Unable to locate audio stream in %s", mPath.c_str() ); + Debug(3, "Unable to locate audio stream in %s", mPath.c_str()); Debug(3, "Found video stream at index %d", mVideoStreamId); Debug(3, "Found audio stream at index %d", mAudioStreamId); From 16b035f76c3ada1b5cf6198f02d0617fda6a439a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 09:22:12 -0400 Subject: [PATCH 195/360] Use common first_dts/pts instead of separate video and audio first pts/dts --- src/zm_videostore.cpp | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 3ad93fd69..0c1e6a6f4 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -285,8 +285,8 @@ VideoStore::VideoStore( video_last_pts = 0; video_last_dts = 0; - audio_first_pts = 0; - audio_first_dts = 0; + video_first_pts = 0; + video_first_dts = 0; audio_next_pts = 0; audio_next_dts = 0; @@ -1017,12 +1017,12 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { zm_dump_frame(out_frame, "Out frame after resample"); // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { - audio_first_pts = out_frame->pts; - Debug(1, "No audio_first_pts setting to %" PRId64, audio_first_pts); + if ( !video_first_pts ) { + video_first_pts = out_frame->pts; + Debug(1, "No video_first_pts setting to %" PRId64, video_first_pts); out_frame->pts = 0; } else { - out_frame->pts = out_frame->pts - audio_first_pts; + out_frame->pts = out_frame->pts - video_first_pts; zm_dump_frame(out_frame, "Out frame after pts adjustment"); } // @@ -1097,18 +1097,18 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } // Scale the PTS of the outgoing packet to be the correct time base if ( ipkt->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { + if ( !video_first_pts ) { opkt.pts = 0; - audio_first_pts = ipkt->pts; - Debug(1, "No audio_first_pts"); + video_first_pts = ipkt->pts; + Debug(1, "No video_first_pts"); } else { opkt.pts = av_rescale_q( - ipkt->pts - audio_first_pts, + ipkt->pts - video_first_pts, AV_TIME_BASE_Q, //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", - opkt.pts, ipkt->pts, audio_first_pts); + opkt.pts, ipkt->pts, video_first_pts); } } else { Debug(2, "opkt.pts = undef"); @@ -1126,17 +1126,17 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { opkt.dts = audio_next_dts + av_rescale_q( audio_in_stream->cur_dts - audio_last_dts, AV_TIME_BASE_Q, audio_out_stream->time_base); } #endif - if ( !audio_first_dts ) { + if ( !video_first_dts ) { opkt.dts = 0; - audio_first_dts = ipkt->dts; + video_first_dts = ipkt->dts; } else { opkt.dts = av_rescale_q( - ipkt->dts - audio_first_dts, + ipkt->dts - video_first_dts, AV_TIME_BASE_Q, //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", - opkt.dts, ipkt->dts, audio_first_dts); + opkt.dts, ipkt->dts, video_first_dts); } audio_last_dts = ipkt->dts; } else { @@ -1200,12 +1200,12 @@ int VideoStore::resample_audio() { #if 0 // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { - audio_first_pts = out_frame->pts; - Debug(1, "No audio_first_pts setting to %" PRId64, audio_first_pts); + if ( !video_first_pts ) { + video_first_pts = out_frame->pts; + Debug(1, "No video_first_pts setting to %" PRId64, video_first_pts); out_frame->pts = 0; } else { - out_frame->pts = out_frame->pts - audio_first_pts; + out_frame->pts = out_frame->pts - video_first_pts; } // } else { From cc35e3f187cf25a3759755315535b84322f6dcdd Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 09:51:06 -0400 Subject: [PATCH 196/360] add dumpQueue to packetqueue to print out the contents --- src/zm_ffmpeg_camera.cpp | 1 + src/zm_packetqueue.cpp | 11 ++++++++++- src/zm_packetqueue.h | 1 + 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 4b0bb7c9e..5442f7c1c 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -807,6 +807,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( last_event_id and !videoStore ) { //Instantiate the video storage module + packetqueue->dumpQueue(); if ( record_audio ) { if ( mAudioStreamId == -1 ) { Debug(3, "Record Audio on but no audio stream found"); diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 1287c7bd5..b39b612cf 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -63,7 +63,7 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { && ( av_packet->dts <= zm_packet->packet.dts) ) { - Debug(2, "break packet with stream index (%d) with dts %" PRId64, + Debug(2, "break packet with stream index (%d) with dts %" PRId64, (*it)->packet.stream_index, (*it)->packet.dts); break; } @@ -273,3 +273,12 @@ void zm_packetqueue::clear_unwanted_packets( timeval *recording_started, int mVi deleted_frames, pktQueue.size(), av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), distance( it, pktQueue.rend() ), pktQueue.size() ); } } // end void zm_packetqueue::clear_unwanted_packets( timeval *recording_started, int mVideoStreamId ) + +void zm_packetqueue::dumpQueue() { + std::list::reverse_iterator it; + for ( it = pktQueue.rbegin(); it != pktQueue.rend(); ++ it ) { + ZMPacket *zm_packet = *it; + AVPacket *av_packet = &(zm_packet->packet); + dumpPacket(av_packet); + } +} diff --git a/src/zm_packetqueue.h b/src/zm_packetqueue.h index 984243c38..6e4b83b02 100644 --- a/src/zm_packetqueue.h +++ b/src/zm_packetqueue.h @@ -41,6 +41,7 @@ public: bool popAudioPacket(ZMPacket* packet); unsigned int clearQueue(unsigned int video_frames_to_keep, int stream_id); void clearQueue(); + void dumpQueue(); unsigned int size(); void clear_unwanted_packets(timeval *recording, int mVideoStreamId); int packet_count(int stream_id); From 540a114c4b2fed102fce183005639efa1630834d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 19 Jun 2019 10:31:53 -0400 Subject: [PATCH 197/360] spacing google code style --- src/zm_crypt.cpp | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 0235e5c13..f6491a480 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -66,14 +66,14 @@ std::pair verifyToken(std::string jwt_token_str, std bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { bool password_correct = false; - if (strlen(db_password_hash ) < 4) { + if ( strlen(db_password_hash) < 4 ) { // actually, shoud be more, but this is min. for next code - Error ("DB Password is too short or invalid to check"); + Error("DB Password is too short or invalid to check"); return false; } - if (db_password_hash[0] == '*') { + if ( db_password_hash[0] == '*' ) { // MYSQL PASSWORD - Debug (1,"%s is using an MD5 encoded password", username); + Debug(1, "%s is using an MD5 encoded password", username); SHA_CTX ctx1, ctx2; unsigned char digest_interim[SHA_DIGEST_LENGTH]; @@ -90,28 +90,30 @@ bool verifyPassword(const char *username, const char *input_password, const char SHA1_Final (digest_final, &ctx2); char final_hash[SHA_DIGEST_LENGTH * 2 +2]; - final_hash[0]='*'; + final_hash[0] = '*'; //convert to hex - for(int i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); - final_hash[SHA_DIGEST_LENGTH *2 + 1]=0; + for ( int i = 0; i < SHA_DIGEST_LENGTH; i++ ) + sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); + final_hash[SHA_DIGEST_LENGTH *2 + 1] = 0; - Debug (1,"Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); - Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + Debug(1, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); password_correct = (strcmp(db_password_hash, final_hash)==0); - } - else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') - &&(db_password_hash[3] == '$')) { + } else if ( + (db_password_hash[0] == '$') + && + (db_password_hash[1]== '2') + && + (db_password_hash[3] == '$') + ) { // BCRYPT - Debug (1,"%s is using a bcrypt encoded password", username); + Debug(1, "%s is using a bcrypt encoded password", username); BCrypt bcrypt; std::string input_hash = bcrypt.generateHash(std::string(input_password)); password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); - } - else { + } else { // plain - Warning ("%s is using a plain text password, please do not use plain text", username); + Warning("%s is using a plain text password, please do not use plain text", username); password_correct = (strcmp(input_password, db_password_hash) == 0); } return password_correct; -} \ No newline at end of file +} From b068428bbcbbf28928d379c3114df79f959ae988 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 13:27:42 -0400 Subject: [PATCH 198/360] zmcontrol complains about unfinished statement handles. This is because we aren't finishing them in functions in Database.pm --- scripts/ZoneMinder/lib/ZoneMinder/Database.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Database.pm b/scripts/ZoneMinder/lib/ZoneMinder/Database.pm index 5c6617510..9a1c79237 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Database.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Database.pm @@ -214,6 +214,7 @@ sub zmDbGetMonitor { return undef; } my $monitor = $sth->fetchrow_hashref(); + $sth->finish(); return $monitor; } @@ -240,6 +241,7 @@ sub zmDbGetMonitorAndControl { return undef; } my $monitor = $sth->fetchrow_hashref(); + $sth->finish(); return $monitor; } From 3bae7a5432aa1a3c8fd6e94b328f48902279868d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 13:28:12 -0400 Subject: [PATCH 199/360] spaces and parenthesis --- scripts/zmcontrol.pl.in | 1 - web/includes/control_functions.php | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/zmcontrol.pl.in b/scripts/zmcontrol.pl.in index f83bc82d4..1ac21f0ea 100644 --- a/scripts/zmcontrol.pl.in +++ b/scripts/zmcontrol.pl.in @@ -70,7 +70,6 @@ if ( !$id ) { ( $id ) = $id =~ /^(\w+)$/; - my $sock_file = $Config{ZM_PATH_SOCKS}.'/zmcontrol-'.$id.'.sock'; Debug("zmcontrol: arg string: $arg_string sock file $sock_file"); diff --git a/web/includes/control_functions.php b/web/includes/control_functions.php index 77240df49..5573db5a5 100644 --- a/web/includes/control_functions.php +++ b/web/includes/control_functions.php @@ -732,7 +732,7 @@ function buildControlCommand( $monitor ) { } } $ctrlCommand .= ' --command='.$_REQUEST['control']; - return( $ctrlCommand ); + return $ctrlCommand; } function sendControlCommand($mid, $command) { From 8b95ba8b3cdc10c04fb57f3cdeb983e79c44255b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:08:38 -0400 Subject: [PATCH 200/360] it is ok for pts to be AV_NOPT_VALUE. It is not yet deprecated and doesn't mess anything up. --- src/zm_ffmpeg_camera.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 5442f7c1c..d5d48b054 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -760,8 +760,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event dumpPacket(mFormatContext->streams[packet.stream_index], &packet, "Captured Packet"); if ( packet.dts == AV_NOPTS_VALUE ) { packet.dts = packet.pts; - } else if ( packet.pts == AV_NOPTS_VALUE ) { - packet.pts = packet.dts; + //} else if ( packet.pts == AV_NOPTS_VALUE ) { + //packet.pts = packet.dts; } // Video recording From 4c8b8d0c16154581f5b9435d02aa777228d7e955 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:09:30 -0400 Subject: [PATCH 201/360] Only check pts vs dts if pts isn't AV_NOPTS_VALUE. Also set frame_size in output codec when doing passthrough --- src/zm_videostore.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 0c1e6a6f4..5b12e5bc5 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -371,6 +371,8 @@ VideoStore::VideoStore( audio_out_ctx->codec_tag = 0; #endif + audio_out_ctx->frame_size = audio_in_ctx->frame_size; + if ( audio_out_ctx->channels > 1 ) { Warning("Audio isn't mono, changing it."); audio_out_ctx->channels = 1; @@ -938,7 +940,7 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { Debug(3, "opkt.dts = %" PRId64 " from ipkt->dts(%" PRId64 ") - first_pts(%" PRId64 ")", opkt.dts, ipkt->dts, video_first_dts); } - if ( opkt.dts > opkt.pts ) { + if ( (opkt.pts != AV_NOPTS_VALUE) && (opkt.dts > opkt.pts) ) { Debug(1, "opkt.dts(%" PRId64 ") must be <= opkt.pts(%" PRId64 "). Decompression must happen " "before presentation.", From 36995de96f44c760b8674480bd013e3311e512e2 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:11:49 -0400 Subject: [PATCH 202/360] Alter option help for EVENT_CLOSE_MODE to reflect that alarm will end the continuous event and start a new one --- .../ZoneMinder/lib/ZoneMinder/ConfigData.pm.in | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index c848441e8..2b2a20958 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -2571,17 +2571,23 @@ our @options = ( period of time (the section length). However in Mocord mode it is possible that motion detection may occur near the end of a section. This option controls what happens when an alarm occurs - in Mocord mode. The 'time' setting means that the event will be - closed at the end of the section regardless of alarm activity. + in Mocord mode.~~ + ~~ + The 'time' setting means that the event will be + closed at the end of the section regardless of alarm activity.~~ + ~~ The 'idle' setting means that the event will be closed at the end of the section if there is no alarm activity occurring at the time otherwise it will be closed once the alarm is over meaning the event may end up being longer than the normal - section length. The 'alarm' setting means that if an alarm - occurs during the event, the event will be closed once the - alarm is over regardless of when this occurs. This has the + section length.~~ + ~~ + The 'alarm' setting means that if an alarm + occurs during the event, the event will be closed and a new one + will be opened. So events will only be alarmed or continuous. + This has the effect of limiting the number of alarms to one per event and - the events will be shorter than the section length if an alarm + the events may be shorter than the section length if an alarm has occurred. `, type => $types{boolean}, From f6960726b8a36049ae0e609acf5a07f177b1070a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:12:32 -0400 Subject: [PATCH 203/360] Don't check cause.length because we know it hasn't been used yet. check event_close_mode before closing the continuous unalarmed event --- src/zm_monitor.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index b907f2395..7cff1b1f8 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1379,12 +1379,12 @@ bool Monitor::Analyse() { score += trigger_data->trigger_score; if ( !event ) { // How could it have a length already? - if ( cause.length() ) - cause += ", "; + //if ( cause.length() ) + //cause += ", "; cause += trigger_data->trigger_cause; } Event::StringSet noteSet; - noteSet.insert( trigger_data->trigger_text ); + noteSet.insert(trigger_data->trigger_text); noteSetMap[trigger_data->trigger_cause] = noteSet; } if ( signal_change ) { @@ -1510,7 +1510,7 @@ bool Monitor::Analyse() { // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { // If we should end then previous continuous event and start a new non-continuous event - if ( event && event->Frames() && !event->AlarmFrames() ) { + if ( event && event->Frames() && (!event->AlarmFrames()) && (event_close_mode == CLOSE_ALARM) ) { Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", name, image_count, event->Id()); closeEvent(); From 470da033228bb01d23eafd8e17d129bd3dee4654 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:14:20 -0400 Subject: [PATCH 204/360] Merge sync fixes from storageareas --- src/zm_crypt.cpp | 38 +++++++++++++++++++----------------- src/zm_ffmpeg_camera.cpp | 13 ++++++++++--- src/zm_packetqueue.cpp | 11 ++++++++++- src/zm_packetqueue.h | 1 + src/zm_videostore.cpp | 42 +++++++++++++++++++++------------------- 5 files changed, 63 insertions(+), 42 deletions(-) diff --git a/src/zm_crypt.cpp b/src/zm_crypt.cpp index 0235e5c13..f6491a480 100644 --- a/src/zm_crypt.cpp +++ b/src/zm_crypt.cpp @@ -66,14 +66,14 @@ std::pair verifyToken(std::string jwt_token_str, std bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) { bool password_correct = false; - if (strlen(db_password_hash ) < 4) { + if ( strlen(db_password_hash) < 4 ) { // actually, shoud be more, but this is min. for next code - Error ("DB Password is too short or invalid to check"); + Error("DB Password is too short or invalid to check"); return false; } - if (db_password_hash[0] == '*') { + if ( db_password_hash[0] == '*' ) { // MYSQL PASSWORD - Debug (1,"%s is using an MD5 encoded password", username); + Debug(1, "%s is using an MD5 encoded password", username); SHA_CTX ctx1, ctx2; unsigned char digest_interim[SHA_DIGEST_LENGTH]; @@ -90,28 +90,30 @@ bool verifyPassword(const char *username, const char *input_password, const char SHA1_Final (digest_final, &ctx2); char final_hash[SHA_DIGEST_LENGTH * 2 +2]; - final_hash[0]='*'; + final_hash[0] = '*'; //convert to hex - for(int i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); - final_hash[SHA_DIGEST_LENGTH *2 + 1]=0; + for ( int i = 0; i < SHA_DIGEST_LENGTH; i++ ) + sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]); + final_hash[SHA_DIGEST_LENGTH *2 + 1] = 0; - Debug (1,"Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); - Debug (5, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); + Debug(1, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash); password_correct = (strcmp(db_password_hash, final_hash)==0); - } - else if ((db_password_hash[0] == '$') && (db_password_hash[1]== '2') - &&(db_password_hash[3] == '$')) { + } else if ( + (db_password_hash[0] == '$') + && + (db_password_hash[1]== '2') + && + (db_password_hash[3] == '$') + ) { // BCRYPT - Debug (1,"%s is using a bcrypt encoded password", username); + Debug(1, "%s is using a bcrypt encoded password", username); BCrypt bcrypt; std::string input_hash = bcrypt.generateHash(std::string(input_password)); password_correct = bcrypt.validatePassword(std::string(input_password), std::string(db_password_hash)); - } - else { + } else { // plain - Warning ("%s is using a plain text password, please do not use plain text", username); + Warning("%s is using a plain text password, please do not use plain text", username); password_correct = (strcmp(input_password, db_password_hash) == 0); } return password_correct; -} \ No newline at end of file +} diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 201c0ff0e..d5d48b054 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -458,9 +458,9 @@ int FfmpegCamera::OpenFfmpeg() { } } // end foreach stream if ( mVideoStreamId == -1 ) - Fatal( "Unable to locate video stream in %s", mPath.c_str() ); + Fatal("Unable to locate video stream in %s", mPath.c_str()); if ( mAudioStreamId == -1 ) - Debug( 3, "Unable to locate audio stream in %s", mPath.c_str() ); + Debug(3, "Unable to locate audio stream in %s", mPath.c_str()); Debug(3, "Found video stream at index %d", mVideoStreamId); Debug(3, "Found audio stream at index %d", mAudioStreamId); @@ -758,6 +758,11 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event int keyframe = packet.flags & AV_PKT_FLAG_KEY; bytes += packet.size; dumpPacket(mFormatContext->streams[packet.stream_index], &packet, "Captured Packet"); + if ( packet.dts == AV_NOPTS_VALUE ) { + packet.dts = packet.pts; + //} else if ( packet.pts == AV_NOPTS_VALUE ) { + //packet.pts = packet.dts; + } // Video recording if ( recording.tv_sec ) { @@ -802,6 +807,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( last_event_id and !videoStore ) { //Instantiate the video storage module + packetqueue->dumpQueue(); if ( record_audio ) { if ( mAudioStreamId == -1 ) { Debug(3, "Record Audio on but no audio stream found"); @@ -967,7 +973,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ret = avcodec_receive_frame(mVideoCodecContext, mRawFrame); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Warning("Unable to receive frame %d: %s, continuing", frameCount, errbuf); + Warning("Unable to receive frame %d: %s, continuing. error count is %s", + frameCount, errbuf, error_count); error_count += 1; if ( error_count > 100 ) { Error("Error count over 100, going to close and re-open stream"); diff --git a/src/zm_packetqueue.cpp b/src/zm_packetqueue.cpp index 1287c7bd5..b39b612cf 100644 --- a/src/zm_packetqueue.cpp +++ b/src/zm_packetqueue.cpp @@ -63,7 +63,7 @@ bool zm_packetqueue::queuePacket(ZMPacket* zm_packet) { && ( av_packet->dts <= zm_packet->packet.dts) ) { - Debug(2, "break packet with stream index (%d) with dts %" PRId64, + Debug(2, "break packet with stream index (%d) with dts %" PRId64, (*it)->packet.stream_index, (*it)->packet.dts); break; } @@ -273,3 +273,12 @@ void zm_packetqueue::clear_unwanted_packets( timeval *recording_started, int mVi deleted_frames, pktQueue.size(), av_packet->stream_index, ( av_packet->flags & AV_PKT_FLAG_KEY ), distance( it, pktQueue.rend() ), pktQueue.size() ); } } // end void zm_packetqueue::clear_unwanted_packets( timeval *recording_started, int mVideoStreamId ) + +void zm_packetqueue::dumpQueue() { + std::list::reverse_iterator it; + for ( it = pktQueue.rbegin(); it != pktQueue.rend(); ++ it ) { + ZMPacket *zm_packet = *it; + AVPacket *av_packet = &(zm_packet->packet); + dumpPacket(av_packet); + } +} diff --git a/src/zm_packetqueue.h b/src/zm_packetqueue.h index 984243c38..6e4b83b02 100644 --- a/src/zm_packetqueue.h +++ b/src/zm_packetqueue.h @@ -41,6 +41,7 @@ public: bool popAudioPacket(ZMPacket* packet); unsigned int clearQueue(unsigned int video_frames_to_keep, int stream_id); void clearQueue(); + void dumpQueue(); unsigned int size(); void clear_unwanted_packets(timeval *recording, int mVideoStreamId); int packet_count(int stream_id); diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 3ad93fd69..5b12e5bc5 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -285,8 +285,8 @@ VideoStore::VideoStore( video_last_pts = 0; video_last_dts = 0; - audio_first_pts = 0; - audio_first_dts = 0; + video_first_pts = 0; + video_first_dts = 0; audio_next_pts = 0; audio_next_dts = 0; @@ -371,6 +371,8 @@ VideoStore::VideoStore( audio_out_ctx->codec_tag = 0; #endif + audio_out_ctx->frame_size = audio_in_ctx->frame_size; + if ( audio_out_ctx->channels > 1 ) { Warning("Audio isn't mono, changing it."); audio_out_ctx->channels = 1; @@ -938,7 +940,7 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { Debug(3, "opkt.dts = %" PRId64 " from ipkt->dts(%" PRId64 ") - first_pts(%" PRId64 ")", opkt.dts, ipkt->dts, video_first_dts); } - if ( opkt.dts > opkt.pts ) { + if ( (opkt.pts != AV_NOPTS_VALUE) && (opkt.dts > opkt.pts) ) { Debug(1, "opkt.dts(%" PRId64 ") must be <= opkt.pts(%" PRId64 "). Decompression must happen " "before presentation.", @@ -1017,12 +1019,12 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { zm_dump_frame(out_frame, "Out frame after resample"); // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { - audio_first_pts = out_frame->pts; - Debug(1, "No audio_first_pts setting to %" PRId64, audio_first_pts); + if ( !video_first_pts ) { + video_first_pts = out_frame->pts; + Debug(1, "No video_first_pts setting to %" PRId64, video_first_pts); out_frame->pts = 0; } else { - out_frame->pts = out_frame->pts - audio_first_pts; + out_frame->pts = out_frame->pts - video_first_pts; zm_dump_frame(out_frame, "Out frame after pts adjustment"); } // @@ -1097,18 +1099,18 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } // Scale the PTS of the outgoing packet to be the correct time base if ( ipkt->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { + if ( !video_first_pts ) { opkt.pts = 0; - audio_first_pts = ipkt->pts; - Debug(1, "No audio_first_pts"); + video_first_pts = ipkt->pts; + Debug(1, "No video_first_pts"); } else { opkt.pts = av_rescale_q( - ipkt->pts - audio_first_pts, + ipkt->pts - video_first_pts, AV_TIME_BASE_Q, //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", - opkt.pts, ipkt->pts, audio_first_pts); + opkt.pts, ipkt->pts, video_first_pts); } } else { Debug(2, "opkt.pts = undef"); @@ -1126,17 +1128,17 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { opkt.dts = audio_next_dts + av_rescale_q( audio_in_stream->cur_dts - audio_last_dts, AV_TIME_BASE_Q, audio_out_stream->time_base); } #endif - if ( !audio_first_dts ) { + if ( !video_first_dts ) { opkt.dts = 0; - audio_first_dts = ipkt->dts; + video_first_dts = ipkt->dts; } else { opkt.dts = av_rescale_q( - ipkt->dts - audio_first_dts, + ipkt->dts - video_first_dts, AV_TIME_BASE_Q, //audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", - opkt.dts, ipkt->dts, audio_first_dts); + opkt.dts, ipkt->dts, video_first_dts); } audio_last_dts = ipkt->dts; } else { @@ -1200,12 +1202,12 @@ int VideoStore::resample_audio() { #if 0 // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { - if ( !audio_first_pts ) { - audio_first_pts = out_frame->pts; - Debug(1, "No audio_first_pts setting to %" PRId64, audio_first_pts); + if ( !video_first_pts ) { + video_first_pts = out_frame->pts; + Debug(1, "No video_first_pts setting to %" PRId64, video_first_pts); out_frame->pts = 0; } else { - out_frame->pts = out_frame->pts - audio_first_pts; + out_frame->pts = out_frame->pts - video_first_pts; } // } else { From 55d98e4a9f66d0f60317727cb171105906f547ec Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 20 Jun 2019 15:56:25 -0400 Subject: [PATCH 205/360] fix crash --- src/zm_videostore.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 5b12e5bc5..6f2bb3afc 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -371,7 +371,7 @@ VideoStore::VideoStore( audio_out_ctx->codec_tag = 0; #endif - audio_out_ctx->frame_size = audio_in_ctx->frame_size; + //audio_out_ctx->frame_size = audio_in_ctx->frame_size; if ( audio_out_ctx->channels > 1 ) { Warning("Audio isn't mono, changing it."); From 5a0b30efd594f23a457177a995d16a2e455d52df Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 21 Jun 2019 10:19:48 -0400 Subject: [PATCH 206/360] escape $ --- utils/generate_apache_config.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/generate_apache_config.pl b/utils/generate_apache_config.pl index 664b4c819..9dce04e9d 100755 --- a/utils/generate_apache_config.pl +++ b/utils/generate_apache_config.pl @@ -102,14 +102,14 @@ Alias /zm /usr/share/zoneminder/www # Parameters not set here are inherited from the parent directive above. RewriteEngine on - RewriteRule ^$ app/webroot/ [L] + RewriteRule ^\$ app/webroot/ [L] RewriteRule (.*) app/webroot/$1 [L] RewriteBase /zm/api RewriteEngine on - RewriteRule ^$ webroot/ [L] + RewriteRule ^\$ webroot/ [L] RewriteRule (.*) webroot/$1 [L] RewriteBase /zm/api From ad1df8f80a250c05cd8808e34bdd782a57f62592 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 21 Jun 2019 11:40:46 -0400 Subject: [PATCH 207/360] log the response if command fails, and add missing uthentication sections --- .../ZoneMinder/lib/ZoneMinder/Control/Netcat.pm | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Control/Netcat.pm b/scripts/ZoneMinder/lib/ZoneMinder/Control/Netcat.pm index 2d9573299..11d6ba9b3 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Control/Netcat.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Control/Netcat.pm @@ -96,8 +96,7 @@ sub open { $self->{state} = 'open'; } -sub parseControlAddress -{ +sub parseControlAddress { my $controlAddress = shift; my ($usernamepassword, $addressport) = split /@/, $controlAddress; if ( !defined $addressport ) { @@ -105,7 +104,7 @@ sub parseControlAddress $addressport = $usernamepassword; } else { my ($username , $password) = split /:/, $usernamepassword; - %identity = (username => "$username", password => "$password"); + %identity = (username => $username, password => $password); } ($address, $port) = split /:/, $addressport; } @@ -118,12 +117,11 @@ sub digestBase64 return encode_base64($shaGenerator->digest, ""); } -sub authentificationHeader -{ +sub authentificationHeader { my ($username, $password) = @_; my $nonce; $nonce .= chr(int(rand(254))) for (0 .. 20); - my $nonceBase64 = encode_base64($nonce, ""); + my $nonceBase64 = encode_base64($nonce, ''); my $currentDate = DateTime->now()->iso8601().'Z'; return '' . $username . '' . digestBase64($nonce, $currentDate, $password) . '' . $nonceBase64 . '' . $currentDate . ''; @@ -160,7 +158,7 @@ sub sendCmd { if ( $res->is_success ) { $result = !undef; } else { - Error("After sending PTZ command, camera returned the following error:'".$res->status_line()."'"); + Error("After sending PTZ command, camera returned the following error:'".$res->status_line()."'\nMSG:$msg\nResponse:".$res->content); } return $result; } @@ -236,7 +234,7 @@ sub moveConDown { Debug('Move Down'); my $self = shift; my $cmd = 'onvif/PTZ'; - my $msg ='' . $profileToken . ''; + my $msg =''.((%identity) ? authentificationHeader($identity{username}, $identity{password}) : '').'' . $profileToken . ''; my $content_type = 'application/soap+xml; charset=utf-8; action="http://www.onvif.org/ver20/ptz/wsdl/ContinuousMove"'; $self->sendCmd($cmd, $msg, $content_type); $self->autoStop($self->{Monitor}->{AutoStopTimeout}); @@ -316,7 +314,7 @@ sub moveConUpLeft { Debug('Move Diagonally Up Left'); my $self = shift; my $cmd = 'onvif/PTZ'; - my $msg ='' . $profileToken . ''; + my $msg =''.((%identity) ? authentificationHeader($identity{username}, $identity{password}) : '').'' . $profileToken . ''; my $content_type = 'application/soap+xml; charset=utf-8; action="http://www.onvif.org/ver20/ptz/wsdl/ContinuousMove"'; $self->sendCmd($cmd, $msg, $content_type); $self->autoStop($self->{Monitor}->{AutoStopTimeout}); From 60618d5998bd7ae1aa16d583c86f75ab54a6cdf6 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 21 Jun 2019 11:45:33 -0400 Subject: [PATCH 208/360] Fix hour subtraction in getAuthUser to actually subtract an hour --- web/includes/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index c8ce0454a..b8005ad2f 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -285,7 +285,7 @@ function getAuthUser($auth, $from_api_layer = false) { foreach ( dbFetchAll($sql, NULL, $values) as $user ) { $now = time(); - for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= ZM_AUTH_HASH_TTL * 1800 ) { // Try for last two hours + for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= 3600 ) { // Try for last TTL hours $time = localtime($now); $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; $authHash = md5($authKey); @@ -315,6 +315,7 @@ function generateAuthHash($useRemoteAddr, $force=false) { if ( ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { $time = time(); + # We use 1800 so that we regenerate the hash at half the TTL $mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 ); if ( $force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) { From 85b9b045cc43ccf38a9703ba6a826f850d8c340b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 21 Jun 2019 12:42:26 -0400 Subject: [PATCH 209/360] Copy Profile Token to ControlDevice for use with Netcat PTZ script --- web/skins/classic/views/onvifprobe.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/skins/classic/views/onvifprobe.php b/web/skins/classic/views/onvifprobe.php index ed4dce6e3..e1c4c8ef7 100644 --- a/web/skins/classic/views/onvifprobe.php +++ b/web/skins/classic/views/onvifprobe.php @@ -86,7 +86,7 @@ function probeCameras( $localIp ) { function probeProfiles( $device_ep, $soapversion, $username, $password ) { $profiles = array(); - if ( $lines = @execONVIF( "profiles $device_ep $soapversion $username $password" ) ) { + if ( $lines = @execONVIF("profiles $device_ep $soapversion $username $password") ) { foreach ( $lines as $line ) { $line = rtrim( $line ); if ( preg_match('|^(.+),\s*(.+),\s*(.+),\s*(.+),\s*(.+),\s*(.+),\s*(.+)\s*$|', $line, $matches) ) { @@ -234,6 +234,7 @@ if ( !isset($_REQUEST['step']) || ($_REQUEST['step'] == '1') ) { // $monitor['MaxFPS'] = $profile['MaxFPS']; // $monitor['AlarmMaxFPS'] = $profile['AlarmMaxFPS']; $monitor['Path'] = $profile['Path']; + $monitor['ControlDevice'] = $profile['Profile']; # Netcat needs this for ProfileToken $sourceDesc = base64_encode(json_encode($monitor)); $profiles[$sourceDesc] = $sourceString; } From 38bcdbbffe1790971b8624d892616e74eca915b3 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 21 Jun 2019 18:04:39 -0400 Subject: [PATCH 210/360] ONly close session if we opened it in generateAuthHash, only try to validate auth hash if it is set in the session --- web/includes/auth.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b8005ad2f..b6213e061 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -263,7 +263,7 @@ function validateToken ($token, $allowed_token_type='access', $from_api_layer=fa } // end function validateToken($token, $allowed_token_type='access') function getAuthUser($auth, $from_api_layer = false) { - if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { + if ( ZM_OPT_USE_AUTH && (ZM_AUTH_RELAY == 'hashed') && !empty($auth) ) { $remoteAddr = ''; if ( ZM_AUTH_HASH_IPS ) { $remoteAddr = $_SERVER['REMOTE_ADDR']; @@ -336,7 +336,8 @@ function generateAuthHash($useRemoteAddr, $force=false) { } $_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth; $_SESSION['AuthHashGeneratedAt'] = $time; - session_write_close(); + if ( $close_session ) + session_write_close(); #ZM\Logger::Debug("Generated new auth $auth at " . $_SESSION['AuthHashGeneratedAt']. " using $authKey" ); #} else { #ZM\Logger::Debug("Using cached auth " . $_SESSION['AuthHash'] ." beacuse generatedat:" . $_SESSION['AuthHashGeneratedAt'] . ' < now:'. $time . ' - ' . ZM_AUTH_HASH_TTL . ' * 1800 = '. $mintime); @@ -376,7 +377,8 @@ if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS and (ZM_AUTH_RELAY == 'hashed') ) { # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. # This prevent session modification to switch users - $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); + if ( $_SESSION['AuthHash'.$_SESSION['remoteAddr']] ) + $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); } else { # Need to refresh permissions and validate that the user still exists $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; @@ -396,6 +398,7 @@ if ( ZM_OPT_USE_AUTH ) { } } else if ( isset($_REQUEST['username']) and isset($_REQUEST['password']) ) { userLogin($_REQUEST['username'], $_REQUEST['password'], false); + # Because it might have migrated the password we need to update the hash generateAuthHash(ZM_AUTH_HASH_IPS, true); } From 46032385fe6c7c57bb6fb7adef6d1de4ad8adc89 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sat, 22 Jun 2019 14:10:55 -0400 Subject: [PATCH 211/360] fix viewport on mobile. Fix duplicated css when selected css is base --- web/skins/classic/includes/functions.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index fc62a504c..48632d59f 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -58,6 +58,7 @@ function xhtmlHeaders($file, $title) { + <?php echo validHtmlStr(ZM_WEB_TITLE_PREFIX); ?> - <?php echo validHtmlStr($title) ?> From 8b37c0e9b04f955a0a43c4d366751f1c71662104 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sun, 23 Jun 2019 12:12:12 -0500 Subject: [PATCH 212/360] remove bcrypt & jwt-cpp as submodules, bring in statically under src --- .gitmodules | 6 - CMakeLists.txt | 2 +- src/CMakeLists.txt | 6 +- src/bcrypt/CMakeLists.txt | 90 + src/bcrypt/LICENSE | 22 + src/bcrypt/README.md | 40 + src/bcrypt/include/bcrypt/BCrypt.hpp | 32 + src/bcrypt/include/bcrypt/bcrypt.h | 97 + src/bcrypt/include/bcrypt/crypt.h | 24 + src/bcrypt/include/bcrypt/crypt_blowfish.h | 27 + src/bcrypt/include/bcrypt/crypt_gensalt.h | 30 + src/bcrypt/include/bcrypt/ow-crypt.h | 43 + src/bcrypt/include/bcrypt/winbcrypt.h | 27 + src/bcrypt/src/bcrypt.c | 230 ++ src/bcrypt/src/crypt_blowfish.c | 911 ++++++ src/bcrypt/src/crypt_gensalt.c | 128 + src/bcrypt/src/main.cpp | 19 + src/bcrypt/src/wrapper.c | 563 ++++ src/bcrypt/src/x86.S | 202 ++ src/bcrypt/vs2017/libbcrypt/libbcrypt.sln | 41 + src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj | 135 + .../libbcrypt/libbcrypt.vcxproj.filters | 54 + src/bcrypt/vs2017/test/main.cpp | 22 + src/bcrypt/vs2017/test/test.vcxproj | 131 + src/bcrypt/vs2017/test/test.vcxproj.filters | 22 + src/jwt-cpp/BaseTest.cpp | 30 + src/jwt-cpp/ClaimTest.cpp | 33 + src/jwt-cpp/Doxyfile | 2494 +++++++++++++++++ src/jwt-cpp/HelperTest.cpp | 55 + src/jwt-cpp/LICENSE | 21 + src/jwt-cpp/README.md | 98 + src/jwt-cpp/TestMain.cpp | 7 + src/jwt-cpp/TokenFormatTest.cpp | 15 + src/jwt-cpp/TokenTest.cpp | 420 +++ src/jwt-cpp/include/jwt-cpp/base.h | 168 ++ src/jwt-cpp/include/jwt-cpp/jwt.h | 1593 +++++++++++ src/jwt-cpp/include/jwt-cpp/picojson.h | 1168 ++++++++ src/jwt-cpp/jwt-cpp.sln | 28 + src/jwt-cpp/jwt-cpp.vcxproj | 160 ++ src/jwt-cpp/jwt-cpp.vcxproj.filters | 36 + src/jwt-cpp/vcpkg/CONTROL | 3 + src/jwt-cpp/vcpkg/fix-picojson.patch | 12 + src/jwt-cpp/vcpkg/fix-warning.patch | 31 + src/jwt-cpp/vcpkg/portfile.cmake | 23 + third_party/bcrypt | 1 - third_party/jwt-cpp | 1 - 46 files changed, 9289 insertions(+), 12 deletions(-) create mode 100644 src/bcrypt/CMakeLists.txt create mode 100644 src/bcrypt/LICENSE create mode 100644 src/bcrypt/README.md create mode 100644 src/bcrypt/include/bcrypt/BCrypt.hpp create mode 100644 src/bcrypt/include/bcrypt/bcrypt.h create mode 100644 src/bcrypt/include/bcrypt/crypt.h create mode 100644 src/bcrypt/include/bcrypt/crypt_blowfish.h create mode 100644 src/bcrypt/include/bcrypt/crypt_gensalt.h create mode 100644 src/bcrypt/include/bcrypt/ow-crypt.h create mode 100644 src/bcrypt/include/bcrypt/winbcrypt.h create mode 100644 src/bcrypt/src/bcrypt.c create mode 100644 src/bcrypt/src/crypt_blowfish.c create mode 100644 src/bcrypt/src/crypt_gensalt.c create mode 100644 src/bcrypt/src/main.cpp create mode 100644 src/bcrypt/src/wrapper.c create mode 100644 src/bcrypt/src/x86.S create mode 100644 src/bcrypt/vs2017/libbcrypt/libbcrypt.sln create mode 100644 src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj create mode 100644 src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj.filters create mode 100644 src/bcrypt/vs2017/test/main.cpp create mode 100644 src/bcrypt/vs2017/test/test.vcxproj create mode 100644 src/bcrypt/vs2017/test/test.vcxproj.filters create mode 100644 src/jwt-cpp/BaseTest.cpp create mode 100644 src/jwt-cpp/ClaimTest.cpp create mode 100644 src/jwt-cpp/Doxyfile create mode 100644 src/jwt-cpp/HelperTest.cpp create mode 100644 src/jwt-cpp/LICENSE create mode 100644 src/jwt-cpp/README.md create mode 100644 src/jwt-cpp/TestMain.cpp create mode 100644 src/jwt-cpp/TokenFormatTest.cpp create mode 100644 src/jwt-cpp/TokenTest.cpp create mode 100644 src/jwt-cpp/include/jwt-cpp/base.h create mode 100644 src/jwt-cpp/include/jwt-cpp/jwt.h create mode 100644 src/jwt-cpp/include/jwt-cpp/picojson.h create mode 100644 src/jwt-cpp/jwt-cpp.sln create mode 100644 src/jwt-cpp/jwt-cpp.vcxproj create mode 100644 src/jwt-cpp/jwt-cpp.vcxproj.filters create mode 100644 src/jwt-cpp/vcpkg/CONTROL create mode 100644 src/jwt-cpp/vcpkg/fix-picojson.patch create mode 100644 src/jwt-cpp/vcpkg/fix-warning.patch create mode 100644 src/jwt-cpp/vcpkg/portfile.cmake delete mode 160000 third_party/bcrypt delete mode 160000 third_party/jwt-cpp diff --git a/.gitmodules b/.gitmodules index b64d78997..eb0e282a2 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,9 +5,3 @@ [submodule "web/api/app/Plugin/CakePHP-Enum-Behavior"] path = web/api/app/Plugin/CakePHP-Enum-Behavior url = https://github.com/ZoneMinder/CakePHP-Enum-Behavior.git -[submodule "third_party/bcrypt"] - path = third_party/bcrypt - url = https://github.com/ZoneMinder/libbcrypt -[submodule "third_party/jwt-cpp"] - path = third_party/jwt-cpp - url = https://github.com/Thalhammer/jwt-cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 85e17fccc..0b8c9572a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -876,7 +876,7 @@ ADD_MANPAGE_TARGET() # build a bcrypt static library set(BUILD_SHARED_LIBS_SAVED "${BUILD_SHARED_LIBS}") set(BUILD_SHARED_LIBS OFF) -add_subdirectory(third_party/bcrypt) +add_subdirectory(src/bcrypt) set(BUILD_SHARED_LIBS "${BUILD_SHARED_LIBS_SAVED}") add_subdirectory(src) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3628a4944..5b8660aad 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -9,7 +9,7 @@ set(ZM_BIN_SRC_FILES zm_box.cpp zm_buffer.cpp zm_camera.cpp zm_comms.cpp zm_conf # A fix for cmake recompiling the source files for every target. add_library(zm STATIC ${ZM_BIN_SRC_FILES}) -link_directories(../third_party/bcrypt) +link_directories(bcrypt) add_executable(zmc zmc.cpp) add_executable(zma zma.cpp) @@ -17,8 +17,8 @@ add_executable(zmu zmu.cpp) add_executable(zms zms.cpp) # JWT is a header only library. -include_directories(../third_party/bcrypt/include/bcrypt) -include_directories(../third_party/jwt-cpp/include/jwt-cpp) +include_directories(bcrypt/include/bcrypt) +include_directories(jwt-cpp/include/jwt-cpp) target_link_libraries(zmc zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) target_link_libraries(zma zm ${ZM_EXTRA_LIBS} ${ZM_BIN_LIBS}) diff --git a/src/bcrypt/CMakeLists.txt b/src/bcrypt/CMakeLists.txt new file mode 100644 index 000000000..a0883eec5 --- /dev/null +++ b/src/bcrypt/CMakeLists.txt @@ -0,0 +1,90 @@ +################################################################################### +# +# Copyright (c) 2014, webvariants GmbH, http://www.webvariants.de +# +# This file is released under the terms of the MIT license. You can find the +# complete text in the attached LICENSE file or online at: +# +# http://www.opensource.org/licenses/mit-license.php +# +# @author: Tino Rusch (tino.rusch@webvariants.de) +# +################################################################################### + +cmake_minimum_required(VERSION 2.8 FATAL_ERROR) + +project(bcrypt) + +enable_language(ASM) + +set(MYLIB_VERSION_MAJOR 1) +set(MYLIB_VERSION_MINOR 0) +set(MYLIB_VERSION_PATCH 0) +set(MYLIB_VERSION_STRING ${MYLIB_VERSION_MAJOR}.${MYLIB_VERSION_MINOR}.${MYLIB_VERSION_PATCH}) + +# just doing cmake . will build a shared or static lib and honor existing environment setting +# to force build static, cmake . -DBUILD_SHARED_LIBS=Off +# to force build shared, cmake . -DBUILD_SHARED_LIBS=On + +if (NOT BUILD_SHARED_LIBS) + message ("Building a static library") +else () + message ("Building a shared library") +endif () + + +set( CMAKE_COLOR_MAKEFILE ON ) + +set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall --std=c++11 -O3" ) +set( CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -O3" ) + +set( CMAKE_ASM_FLAGS "${CXXFLAGS} -x assembler-with-cpp") + +set( SRCFILES + ${CMAKE_CURRENT_SOURCE_DIR}/src/bcrypt.c + ${CMAKE_CURRENT_SOURCE_DIR}/src/crypt_blowfish.c + ${CMAKE_CURRENT_SOURCE_DIR}/src/crypt_gensalt.c + ${CMAKE_CURRENT_SOURCE_DIR}/src/wrapper.c + ${CMAKE_CURRENT_SOURCE_DIR}/src/x86.S +) + +include_directories( ${CMAKE_CURRENT_SOURCE_DIR}/include/bcrypt) +include_directories( ${CMAKE_CURRENT_SOURCE_DIR}/include) + +add_library( + ${PROJECT_NAME} + ${SRCFILES} +) + +set_target_properties(${PROJECT_NAME} PROPERTIES VERSION ${MYLIB_VERSION_STRING} SOVERSION ${MYLIB_VERSION_MAJOR}) + +set_target_properties(${PROJECT_NAME} PROPERTIES PUBLIC_HEADER include/bcrypt/BCrypt.hpp) + +target_include_directories(${PROJECT_NAME} PRIVATE include) +target_include_directories(${PROJECT_NAME} PRIVATE src) + +add_executable( ${PROJECT_NAME}_test ${CMAKE_CURRENT_SOURCE_DIR}/src/main.cpp) + +target_link_libraries( ${PROJECT_NAME}_test ${PROJECT_NAME}) + +include(GNUInstallDirs) + +install(TARGETS ${PROJECT_NAME} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + RUNTIME DESTINATION ${CMAKE_INSTALL_LIBDIR} + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/bcrypt) + +install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + +SET(CPACK_GENERATOR "DEB") +SET(CPACK_SET_DESTDIR ON) + +SET(CPACK_DEBIAN_PACKAGE_MAINTAINER "Manuel Romei") +SET(CPACK_PACKAGE_VERSION "1.0.0") +SET(CPACK_PACKAGE_VERSION_MAJOR "1") +SET(CPACK_PACKAGE_VERSION_MINOR "0") +SET(CPACK_PACKAGE_VERSION_PATCH "0") + +INCLUDE(CPack) diff --git a/src/bcrypt/LICENSE b/src/bcrypt/LICENSE new file mode 100644 index 000000000..b6f2adb23 --- /dev/null +++ b/src/bcrypt/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 trusch + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/src/bcrypt/README.md b/src/bcrypt/README.md new file mode 100644 index 000000000..98339fc5d --- /dev/null +++ b/src/bcrypt/README.md @@ -0,0 +1,40 @@ +# libbcrypt +A c++ wrapper around bcrypt password hashing + +## How to build this +This is a CMake based project: + +```bash +git clone https://github.com/trusch/libbcrypt +cd libbcrypt +mkdir build +cd build +cmake .. +make +sudo make install +sudo ldconfig +``` + +## How to use this + +Here an example how to use this wrapper class (you can find it in the src/ subdirectory) + +```cpp +#include "bcrypt/BCrypt.hpp" +#include + +int main(){ + BCrypt bcrypt; + std::string password = "test"; + std::string hash = bcrypt.generateHash(password); + std::cout< +#include + +class BCrypt { +public: + static std::string generateHash(const std::string & password, int workload = 12){ + char salt[BCRYPT_HASHSIZE]; + char hash[BCRYPT_HASHSIZE]; + int ret; + ret = bcrypt_gensalt(workload, salt); + if(ret != 0)throw std::runtime_error{"bcrypt: can not generate salt"}; + ret = bcrypt_hashpw(password.c_str(), salt, hash); + if(ret != 0)throw std::runtime_error{"bcrypt: can not generate hash"}; + return std::string{hash}; + } + + static bool validatePassword(const std::string & password, const std::string & hash){ + return (bcrypt_checkpw(password.c_str(), hash.c_str()) == 0); + } +}; + +#endif + +#endif // __BCRYPT__ diff --git a/src/bcrypt/include/bcrypt/bcrypt.h b/src/bcrypt/include/bcrypt/bcrypt.h new file mode 100644 index 000000000..e45b3ca13 --- /dev/null +++ b/src/bcrypt/include/bcrypt/bcrypt.h @@ -0,0 +1,97 @@ +#ifndef BCRYPT_H_ +#define BCRYPT_H_ +/* + * bcrypt wrapper library + * + * Written in 2011, 2013, 2014, 2015 by Ricardo Garcia + * + * To the extent possible under law, the author(s) have dedicated all copyright + * and related and neighboring rights to this software to the public domain + * worldwide. This software is distributed without any warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication along + * with this software. If not, see + * . + */ + +#define BCRYPT_HASHSIZE (64) + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * This function expects a work factor between 4 and 31 and a char array to + * store the resulting generated salt. The char array should typically have + * BCRYPT_HASHSIZE bytes at least. If the provided work factor is not in the + * previous range, it will default to 12. + * + * The return value is zero if the salt could be correctly generated and + * nonzero otherwise. + * + */ +int bcrypt_gensalt(int workfactor, char salt[BCRYPT_HASHSIZE]); + +/* + * This function expects a password to be hashed, a salt to hash the password + * with and a char array to leave the result. Both the salt and the hash + * parameters should have room for BCRYPT_HASHSIZE characters at least. + * + * It can also be used to verify a hashed password. In that case, provide the + * expected hash in the salt parameter and verify the output hash is the same + * as the input hash. However, to avoid timing attacks, it's better to use + * bcrypt_checkpw when verifying a password. + * + * The return value is zero if the password could be hashed and nonzero + * otherwise. + */ +int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], + char hash[BCRYPT_HASHSIZE]); + +/* + * This function expects a password and a hash to verify the password against. + * The internal implementation is tuned to avoid timing attacks. + * + * The return value will be -1 in case of errors, zero if the provided password + * matches the given hash and greater than zero if no errors are found and the + * passwords don't match. + * + */ +int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]); + +/* + * Brief Example + * ------------- + * + * Hashing a password: + * + * char salt[BCRYPT_HASHSIZE]; + * char hash[BCRYPT_HASHSIZE]; + * int ret; + * + * ret = bcrypt_gensalt(12, salt); + * assert(ret == 0); + * ret = bcrypt_hashpw("thepassword", salt, hash); + * assert(ret == 0); + * + * + * Verifying a password: + * + * int ret; + * + * ret = bcrypt_checkpw("thepassword", "expectedhash"); + * assert(ret != -1); + * + * if (ret == 0) { + * printf("The password matches\n"); + * } else { + * printf("The password does NOT match\n"); + * } + * + */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/bcrypt/include/bcrypt/crypt.h b/src/bcrypt/include/bcrypt/crypt.h new file mode 100644 index 000000000..12e67055b --- /dev/null +++ b/src/bcrypt/include/bcrypt/crypt.h @@ -0,0 +1,24 @@ +/* + * Written by Solar Designer in 2000-2002. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2002 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#include + +#if defined(_OW_SOURCE) || defined(__USE_OW) +#define __SKIP_GNU +#undef __SKIP_OW +#include +#undef __SKIP_GNU +#endif diff --git a/src/bcrypt/include/bcrypt/crypt_blowfish.h b/src/bcrypt/include/bcrypt/crypt_blowfish.h new file mode 100644 index 000000000..2ee0d8c1d --- /dev/null +++ b/src/bcrypt/include/bcrypt/crypt_blowfish.h @@ -0,0 +1,27 @@ +/* + * Written by Solar Designer in 2000-2011. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#ifndef _CRYPT_BLOWFISH_H +#define _CRYPT_BLOWFISH_H + +extern int _crypt_output_magic(const char *setting, char *output, int size); +extern char *_crypt_blowfish_rn(const char *key, const char *setting, + char *output, int size); +extern char *_crypt_gensalt_blowfish_rn(const char *prefix, + unsigned long count, + const char *input, int size, char *output, int output_size); + +#endif diff --git a/src/bcrypt/include/bcrypt/crypt_gensalt.h b/src/bcrypt/include/bcrypt/crypt_gensalt.h new file mode 100644 index 000000000..457bbfe29 --- /dev/null +++ b/src/bcrypt/include/bcrypt/crypt_gensalt.h @@ -0,0 +1,30 @@ +/* + * Written by Solar Designer in 2000-2011. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#ifndef _CRYPT_GENSALT_H +#define _CRYPT_GENSALT_H + +extern unsigned char _crypt_itoa64[]; +extern char *_crypt_gensalt_traditional_rn(const char *prefix, + unsigned long count, + const char *input, int size, char *output, int output_size); +extern char *_crypt_gensalt_extended_rn(const char *prefix, + unsigned long count, + const char *input, int size, char *output, int output_size); +extern char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size); + +#endif diff --git a/src/bcrypt/include/bcrypt/ow-crypt.h b/src/bcrypt/include/bcrypt/ow-crypt.h new file mode 100644 index 000000000..2c8ddf8f6 --- /dev/null +++ b/src/bcrypt/include/bcrypt/ow-crypt.h @@ -0,0 +1,43 @@ +/* + * Written by Solar Designer in 2000-2011. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#ifndef _OW_CRYPT_H +#define _OW_CRYPT_H + +#ifndef __GNUC__ +#undef __const +#define __const const +#endif + +#ifndef __SKIP_GNU +extern char *crypt(__const char *key, __const char *setting); +extern char *crypt_r(__const char *key, __const char *setting, void *data); +#endif + +#ifndef __SKIP_OW +extern char *crypt_rn(__const char *key, __const char *setting, + void *data, int size); +extern char *crypt_ra(__const char *key, __const char *setting, + void **data, int *size); +extern char *crypt_gensalt(__const char *prefix, unsigned long count, + __const char *input, int size); +extern char *crypt_gensalt_rn(__const char *prefix, unsigned long count, + __const char *input, int size, char *output, int output_size); +extern char *crypt_gensalt_ra(__const char *prefix, unsigned long count, + __const char *input, int size); +#endif + +#endif diff --git a/src/bcrypt/include/bcrypt/winbcrypt.h b/src/bcrypt/include/bcrypt/winbcrypt.h new file mode 100644 index 000000000..703ecd211 --- /dev/null +++ b/src/bcrypt/include/bcrypt/winbcrypt.h @@ -0,0 +1,27 @@ +#ifndef __WIN_BCRYPT__H +#define __WIN_BCRYPT__H + +#include + +#include "crypt_blowfish.h" +#include "./bcrypt.h" + +class BCrypt { +public: + static std::string generateHash(const std::string & password, int workload = 12) { + char salt[BCRYPT_HASHSIZE]; + char hash[BCRYPT_HASHSIZE]; + int ret; + ret = bcrypt_gensalt(workload, salt); + if (ret != 0)throw std::runtime_error{ "bcrypt: can not generate salt" }; + ret = bcrypt_hashpw(password.c_str(), salt, hash); + if (ret != 0)throw std::runtime_error{ "bcrypt: can not generate hash" }; + return std::string{ hash }; + } + + static bool validatePassword(const std::string & password, const std::string & hash) { + return (bcrypt_checkpw(password.c_str(), hash.c_str()) == 0); + } +}; + +#endif \ No newline at end of file diff --git a/src/bcrypt/src/bcrypt.c b/src/bcrypt/src/bcrypt.c new file mode 100644 index 000000000..c32b51b0b --- /dev/null +++ b/src/bcrypt/src/bcrypt.c @@ -0,0 +1,230 @@ +/* + * bcrypt wrapper library + * + * Written in 2011, 2013, 2014, 2015 by Ricardo Garcia + * + * To the extent possible under law, the author(s) have dedicated all copyright + * and related and neighboring rights to this software to the public domain + * worldwide. This software is distributed without any warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication along + * with this software. If not, see + * . + */ +#include +#include +#include +#include +#ifdef _WIN32 +#elif _WIN64 +#else +#include +#endif +#include + +#ifdef _WIN32 || _WIN64 +// On windows we need to generate random bytes differently. +typedef __int64 ssize_t; +#define BCRYPT_HASHSIZE 60 + +#include "../include/bcrypt/bcrypt.h" + +#include +#include /* CryptAcquireContext, CryptGenRandom */ +#else +#include "bcrypt.h" +#include "ow-crypt.h" +#endif + +#define RANDBYTES (16) + +static int try_close(int fd) +{ + int ret; + for (;;) { + errno = 0; + ret = close(fd); + if (ret == -1 && errno == EINTR) + continue; + break; + } + return ret; +} + +static int try_read(int fd, char *out, size_t count) +{ + size_t total; + ssize_t partial; + + total = 0; + while (total < count) + { + for (;;) { + errno = 0; + partial = read(fd, out + total, count - total); + if (partial == -1 && errno == EINTR) + continue; + break; + } + + if (partial < 1) + return -1; + + total += partial; + } + + return 0; +} + +/* + * This is a best effort implementation. Nothing prevents a compiler from + * optimizing this function and making it vulnerable to timing attacks, but + * this method is commonly used in crypto libraries like NaCl. + * + * Return value is zero if both strings are equal and nonzero otherwise. +*/ +static int timing_safe_strcmp(const char *str1, const char *str2) +{ + const unsigned char *u1; + const unsigned char *u2; + int ret; + int i; + + int len1 = strlen(str1); + int len2 = strlen(str2); + + /* In our context both strings should always have the same length + * because they will be hashed passwords. */ + if (len1 != len2) + return 1; + + /* Force unsigned for bitwise operations. */ + u1 = (const unsigned char *)str1; + u2 = (const unsigned char *)str2; + + ret = 0; + for (i = 0; i < len1; ++i) + ret |= (u1[i] ^ u2[i]); + + return ret; +} + +int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE]) +{ + int fd; + char input[RANDBYTES]; + int workf; + char *aux; + + // Note: Windows does not have /dev/urandom sadly. +#ifdef _WIN32 || _WIN64 + HCRYPTPROV p; + ULONG i; + + // Acquire a crypt context for generating random bytes. + if (CryptAcquireContext(&p, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) { + return 1; + } + + if (CryptGenRandom(p, RANDBYTES, (BYTE*)input) == FALSE) { + return 2; + } + + if (CryptReleaseContext(p, 0) == FALSE) { + return 3; + } +#else + // Get random bytes on Unix/Linux. + fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) + return 1; + + if (try_read(fd, input, RANDBYTES) != 0) { + if (try_close(fd) != 0) + return 4; + return 2; + } + + if (try_close(fd) != 0) + return 3; +#endif + + /* Generate salt. */ + workf = (factor < 4 || factor > 31)?12:factor; + aux = crypt_gensalt_rn("$2a$", workf, input, RANDBYTES, + salt, BCRYPT_HASHSIZE); + return (aux == NULL)?5:0; +} + +int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], char hash[BCRYPT_HASHSIZE]) +{ + char *aux; + aux = crypt_rn(passwd, salt, hash, BCRYPT_HASHSIZE); + return (aux == NULL)?1:0; +} + +int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]) +{ + int ret; + char outhash[BCRYPT_HASHSIZE]; + + ret = bcrypt_hashpw(passwd, hash, outhash); + if (ret != 0) + return -1; + + return timing_safe_strcmp(hash, outhash); +} + +#ifdef TEST_BCRYPT +#include +#include +#include +#include + +int main(void) +{ + clock_t before; + clock_t after; + char salt[BCRYPT_HASHSIZE]; + char hash[BCRYPT_HASHSIZE]; + int ret; + + const char pass[] = "hi,mom"; + const char hash1[] = "$2a$10$VEVmGHy4F4XQMJ3eOZJAUeb.MedU0W10pTPCuf53eHdKJPiSE8sMK"; + const char hash2[] = "$2a$10$3F0BVk5t8/aoS.3ddaB3l.fxg5qvafQ9NybxcpXLzMeAt.nVWn.NO"; + + ret = bcrypt_gensalt(12, salt); + assert(ret == 0); + printf("Generated salt: %s\n", salt); + before = clock(); + ret = bcrypt_hashpw("testtesttest", salt, hash); + assert(ret == 0); + after = clock(); + printf("Hashed password: %s\n", hash); + printf("Time taken: %f seconds\n", + (double)(after - before) / CLOCKS_PER_SEC); + + ret = bcrypt_hashpw(pass, hash1, hash); + assert(ret == 0); + printf("First hash check: %s\n", (strcmp(hash1, hash) == 0)?"OK":"FAIL"); + ret = bcrypt_hashpw(pass, hash2, hash); + assert(ret == 0); + printf("Second hash check: %s\n", (strcmp(hash2, hash) == 0)?"OK":"FAIL"); + + before = clock(); + ret = (bcrypt_checkpw(pass, hash1) == 0); + after = clock(); + printf("First hash check with bcrypt_checkpw: %s\n", ret?"OK":"FAIL"); + printf("Time taken: %f seconds\n", + (double)(after - before) / CLOCKS_PER_SEC); + + before = clock(); + ret = (bcrypt_checkpw(pass, hash2) == 0); + after = clock(); + printf("Second hash check with bcrypt_checkpw: %s\n", ret?"OK":"FAIL"); + printf("Time taken: %f seconds\n", + (double)(after - before) / CLOCKS_PER_SEC); + + return 0; +} +#endif diff --git a/src/bcrypt/src/crypt_blowfish.c b/src/bcrypt/src/crypt_blowfish.c new file mode 100644 index 000000000..0fa55ea07 --- /dev/null +++ b/src/bcrypt/src/crypt_blowfish.c @@ -0,0 +1,911 @@ +/* + * The crypt_blowfish homepage is: + * + * http://www.openwall.com/crypt/ + * + * This code comes from John the Ripper password cracker, with reentrant + * and crypt(3) interfaces added, but optimizations specific to password + * cracking removed. + * + * Written by Solar Designer in 1998-2014. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 1998-2014 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * It is my intent that you should be able to use this on your system, + * as part of a software package, or anywhere else to improve security, + * ensure compatibility, or for any other purpose. I would appreciate + * it if you give credit where it is due and keep your modifications in + * the public domain as well, but I don't require that in order to let + * you place this code and any modifications you make under a license + * of your choice. + * + * This implementation is fully compatible with OpenBSD's bcrypt.c for prefix + * "$2b$", originally by Niels Provos , and it uses + * some of his ideas. The password hashing algorithm was designed by David + * Mazieres . For information on the level of + * compatibility for bcrypt hash prefixes other than "$2b$", please refer to + * the comments in BF_set_key() below and to the included crypt(3) man page. + * + * There's a paper on the algorithm that explains its design decisions: + * + * http://www.usenix.org/events/usenix99/provos.html + * + * Some of the tricks in BF_ROUND might be inspired by Eric Young's + * Blowfish library (I can't be sure if I would think of something if I + * hadn't seen his code). + */ + +#include + +#include +#ifndef __set_errno +#define __set_errno(val) errno = (val) +#endif + +/* Just to make sure the prototypes match the actual definitions */ +#ifdef _WIN32 || _WIN64 +#include "../include/bcrypt/crypt_blowfish.h" +#else +#include "crypt_blowfish.h" +#endif + +#ifdef __i386__ +#define BF_ASM 1 +#define BF_SCALE 1 +#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) +#define BF_ASM 0 +#define BF_SCALE 1 +#else +#define BF_ASM 0 +#define BF_SCALE 0 +#endif + +typedef unsigned int BF_word; +typedef signed int BF_word_signed; + +/* Number of Blowfish rounds, this is also hardcoded into a few places */ +#define BF_N 16 + +typedef BF_word BF_key[BF_N + 2]; + +typedef struct { + BF_word S[4][0x100]; + BF_key P; +} BF_ctx; + +/* + * Magic IV for 64 Blowfish encryptions that we do at the end. + * The string is "OrpheanBeholderScryDoubt" on big-endian. + */ +static BF_word BF_magic_w[6] = { + 0x4F727068, 0x65616E42, 0x65686F6C, + 0x64657253, 0x63727944, 0x6F756274 +}; + +/* + * P-box and S-box tables initialized with digits of Pi. + */ +static BF_ctx BF_init_state = { + { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + }, { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + }, { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + }, { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + } + }, { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } +}; + +static unsigned char BF_itoa64[64 + 1] = + "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + +static unsigned char BF_atoi64[0x60] = { + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64, + 64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64, + 64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64 +}; + +#define BF_safe_atoi64(dst, src) \ +{ \ + tmp = (unsigned char)(src); \ + if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ + tmp = BF_atoi64[tmp]; \ + if (tmp > 63) return -1; \ + (dst) = tmp; \ +} + +static int BF_decode(BF_word *dst, const char *src, int size) +{ + unsigned char *dptr = (unsigned char *)dst; + unsigned char *end = dptr + size; + const unsigned char *sptr = (const unsigned char *)src; + unsigned int tmp, c1, c2, c3, c4; + + do { + BF_safe_atoi64(c1, *sptr++); + BF_safe_atoi64(c2, *sptr++); + *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4); + if (dptr >= end) break; + + BF_safe_atoi64(c3, *sptr++); + *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2); + if (dptr >= end) break; + + BF_safe_atoi64(c4, *sptr++); + *dptr++ = ((c3 & 0x03) << 6) | c4; + } while (dptr < end); + + return 0; +} + +static void BF_encode(char *dst, const BF_word *src, int size) +{ + const unsigned char *sptr = (const unsigned char *)src; + const unsigned char *end = sptr + size; + unsigned char *dptr = (unsigned char *)dst; + unsigned int c1, c2; + + do { + c1 = *sptr++; + *dptr++ = BF_itoa64[c1 >> 2]; + c1 = (c1 & 0x03) << 4; + if (sptr >= end) { + *dptr++ = BF_itoa64[c1]; + break; + } + + c2 = *sptr++; + c1 |= c2 >> 4; + *dptr++ = BF_itoa64[c1]; + c1 = (c2 & 0x0f) << 2; + if (sptr >= end) { + *dptr++ = BF_itoa64[c1]; + break; + } + + c2 = *sptr++; + c1 |= c2 >> 6; + *dptr++ = BF_itoa64[c1]; + *dptr++ = BF_itoa64[c2 & 0x3f]; + } while (sptr < end); +} + +static void BF_swap(BF_word *x, int count) +{ + static int endianness_check = 1; + char *is_little_endian = (char *)&endianness_check; + BF_word tmp; + + if (*is_little_endian) + do { + tmp = *x; + tmp = (tmp << 16) | (tmp >> 16); + *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF); + } while (--count); +} + +#if BF_SCALE +/* Architectures which can shift addresses left by 2 bits with no extra cost */ +#define BF_ROUND(L, R, N) \ + tmp1 = L & 0xFF; \ + tmp2 = L >> 8; \ + tmp2 &= 0xFF; \ + tmp3 = L >> 16; \ + tmp3 &= 0xFF; \ + tmp4 = L >> 24; \ + tmp1 = data.ctx.S[3][tmp1]; \ + tmp2 = data.ctx.S[2][tmp2]; \ + tmp3 = data.ctx.S[1][tmp3]; \ + tmp3 += data.ctx.S[0][tmp4]; \ + tmp3 ^= tmp2; \ + R ^= data.ctx.P[N + 1]; \ + tmp3 += tmp1; \ + R ^= tmp3; +#else +/* Architectures with no complicated addressing modes supported */ +#define BF_INDEX(S, i) \ + (*((BF_word *)(((unsigned char *)S) + (i)))) +#define BF_ROUND(L, R, N) \ + tmp1 = L & 0xFF; \ + tmp1 <<= 2; \ + tmp2 = L >> 6; \ + tmp2 &= 0x3FC; \ + tmp3 = L >> 14; \ + tmp3 &= 0x3FC; \ + tmp4 = L >> 22; \ + tmp4 &= 0x3FC; \ + tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \ + tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \ + tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \ + tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \ + tmp3 ^= tmp2; \ + R ^= data.ctx.P[N + 1]; \ + tmp3 += tmp1; \ + R ^= tmp3; +#endif + +/* + * Encrypt one block, BF_N is hardcoded here. + */ +#define BF_ENCRYPT \ + L ^= data.ctx.P[0]; \ + BF_ROUND(L, R, 0); \ + BF_ROUND(R, L, 1); \ + BF_ROUND(L, R, 2); \ + BF_ROUND(R, L, 3); \ + BF_ROUND(L, R, 4); \ + BF_ROUND(R, L, 5); \ + BF_ROUND(L, R, 6); \ + BF_ROUND(R, L, 7); \ + BF_ROUND(L, R, 8); \ + BF_ROUND(R, L, 9); \ + BF_ROUND(L, R, 10); \ + BF_ROUND(R, L, 11); \ + BF_ROUND(L, R, 12); \ + BF_ROUND(R, L, 13); \ + BF_ROUND(L, R, 14); \ + BF_ROUND(R, L, 15); \ + tmp4 = R; \ + R = L; \ + L = tmp4 ^ data.ctx.P[BF_N + 1]; + +#if BF_ASM +#define BF_body() \ + _BF_body_r(&data.ctx); +#else +#define BF_body() \ + L = R = 0; \ + ptr = data.ctx.P; \ + do { \ + ptr += 2; \ + BF_ENCRYPT; \ + *(ptr - 2) = L; \ + *(ptr - 1) = R; \ + } while (ptr < &data.ctx.P[BF_N + 2]); \ +\ + ptr = data.ctx.S[0]; \ + do { \ + ptr += 2; \ + BF_ENCRYPT; \ + *(ptr - 2) = L; \ + *(ptr - 1) = R; \ + } while (ptr < &data.ctx.S[3][0xFF]); +#endif + +static void BF_set_key(const char *key, BF_key expanded, BF_key initial, + unsigned char flags) +{ + const char *ptr = key; + unsigned int bug, i, j; + BF_word safety, sign, diff, tmp[2]; + +/* + * There was a sign extension bug in older revisions of this function. While + * we would have liked to simply fix the bug and move on, we have to provide + * a backwards compatibility feature (essentially the bug) for some systems and + * a safety measure for some others. The latter is needed because for certain + * multiple inputs to the buggy algorithm there exist easily found inputs to + * the correct algorithm that produce the same hash. Thus, we optionally + * deviate from the correct algorithm just enough to avoid such collisions. + * While the bug itself affected the majority of passwords containing + * characters with the 8th bit set (although only a percentage of those in a + * collision-producing way), the anti-collision safety measure affects + * only a subset of passwords containing the '\xff' character (not even all of + * those passwords, just some of them). This character is not found in valid + * UTF-8 sequences and is rarely used in popular 8-bit character encodings. + * Thus, the safety measure is unlikely to cause much annoyance, and is a + * reasonable tradeoff to use when authenticating against existing hashes that + * are not reliably known to have been computed with the correct algorithm. + * + * We use an approach that tries to minimize side-channel leaks of password + * information - that is, we mostly use fixed-cost bitwise operations instead + * of branches or table lookups. (One conditional branch based on password + * length remains. It is not part of the bug aftermath, though, and is + * difficult and possibly unreasonable to avoid given the use of C strings by + * the caller, which results in similar timing leaks anyway.) + * + * For actual implementation, we set an array index in the variable "bug" + * (0 means no bug, 1 means sign extension bug emulation) and a flag in the + * variable "safety" (bit 16 is set when the safety measure is requested). + * Valid combinations of settings are: + * + * Prefix "$2a$": bug = 0, safety = 0x10000 + * Prefix "$2b$": bug = 0, safety = 0 + * Prefix "$2x$": bug = 1, safety = 0 + * Prefix "$2y$": bug = 0, safety = 0 + */ + bug = (unsigned int)flags & 1; + safety = ((BF_word)flags & 2) << 15; + + sign = diff = 0; + + for (i = 0; i < BF_N + 2; i++) { + tmp[0] = tmp[1] = 0; + for (j = 0; j < 4; j++) { + tmp[0] <<= 8; + tmp[0] |= (unsigned char)*ptr; /* correct */ + tmp[1] <<= 8; + tmp[1] |= (BF_word_signed)(signed char)*ptr; /* bug */ +/* + * Sign extension in the first char has no effect - nothing to overwrite yet, + * and those extra 24 bits will be fully shifted out of the 32-bit word. For + * chars 2, 3, 4 in each four-char block, we set bit 7 of "sign" if sign + * extension in tmp[1] occurs. Once this flag is set, it remains set. + */ + if (j) + sign |= tmp[1] & 0x80; + if (!*ptr) + ptr = key; + else + ptr++; + } + diff |= tmp[0] ^ tmp[1]; /* Non-zero on any differences */ + + expanded[i] = tmp[bug]; + initial[i] = BF_init_state.P[i] ^ tmp[bug]; + } + +/* + * At this point, "diff" is zero iff the correct and buggy algorithms produced + * exactly the same result. If so and if "sign" is non-zero, which indicates + * that there was a non-benign sign extension, this means that we have a + * collision between the correctly computed hash for this password and a set of + * passwords that could be supplied to the buggy algorithm. Our safety measure + * is meant to protect from such many-buggy to one-correct collisions, by + * deviating from the correct algorithm in such cases. Let's check for this. + */ + diff |= diff >> 16; /* still zero iff exact match */ + diff &= 0xffff; /* ditto */ + diff += 0xffff; /* bit 16 set iff "diff" was non-zero (on non-match) */ + sign <<= 9; /* move the non-benign sign extension flag to bit 16 */ + sign &= ~diff & safety; /* action needed? */ + +/* + * If we have determined that we need to deviate from the correct algorithm, + * flip bit 16 in initial expanded key. (The choice of 16 is arbitrary, but + * let's stick to it now. It came out of the approach we used above, and it's + * not any worse than any other choice we could make.) + * + * It is crucial that we don't do the same to the expanded key used in the main + * Eksblowfish loop. By doing it to only one of these two, we deviate from a + * state that could be directly specified by a password to the buggy algorithm + * (and to the fully correct one as well, but that's a side-effect). + */ + initial[0] ^= sign; +} + +static const unsigned char flags_by_subtype[26] = + {2, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0}; + +static char *BF_crypt(const char *key, const char *setting, + char *output, int size, + BF_word min) +{ +#if BF_ASM + extern void _BF_body_r(BF_ctx *ctx); +#endif + struct { + BF_ctx ctx; + BF_key expanded_key; + union { + BF_word salt[4]; + BF_word output[6]; + } binary; + } data; + BF_word L, R; + BF_word tmp1, tmp2, tmp3, tmp4; + BF_word *ptr; + BF_word count; + int i; + + if (size < 7 + 22 + 31 + 1) { + __set_errno(ERANGE); + return NULL; + } + + if (setting[0] != '$' || + setting[1] != '2' || + setting[2] < 'a' || setting[2] > 'z' || + !flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] || + setting[3] != '$' || + setting[4] < '0' || setting[4] > '3' || + setting[5] < '0' || setting[5] > '9' || + (setting[4] == '3' && setting[5] > '1') || + setting[6] != '$') { + __set_errno(EINVAL); + return NULL; + } + + count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); + if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) { + __set_errno(EINVAL); + return NULL; + } + BF_swap(data.binary.salt, 4); + + BF_set_key(key, data.expanded_key, data.ctx.P, + flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a']); + + memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S)); + + L = R = 0; + for (i = 0; i < BF_N + 2; i += 2) { + L ^= data.binary.salt[i & 2]; + R ^= data.binary.salt[(i & 2) + 1]; + BF_ENCRYPT; + data.ctx.P[i] = L; + data.ctx.P[i + 1] = R; + } + + ptr = data.ctx.S[0]; + do { + ptr += 4; + L ^= data.binary.salt[(BF_N + 2) & 3]; + R ^= data.binary.salt[(BF_N + 3) & 3]; + BF_ENCRYPT; + *(ptr - 4) = L; + *(ptr - 3) = R; + + L ^= data.binary.salt[(BF_N + 4) & 3]; + R ^= data.binary.salt[(BF_N + 5) & 3]; + BF_ENCRYPT; + *(ptr - 2) = L; + *(ptr - 1) = R; + } while (ptr < &data.ctx.S[3][0xFF]); + + do { + int done; + + for (i = 0; i < BF_N + 2; i += 2) { + data.ctx.P[i] ^= data.expanded_key[i]; + data.ctx.P[i + 1] ^= data.expanded_key[i + 1]; + } + + done = 0; + do { + BF_body(); + if (done) + break; + done = 1; + + tmp1 = data.binary.salt[0]; + tmp2 = data.binary.salt[1]; + tmp3 = data.binary.salt[2]; + tmp4 = data.binary.salt[3]; + for (i = 0; i < BF_N; i += 4) { + data.ctx.P[i] ^= tmp1; + data.ctx.P[i + 1] ^= tmp2; + data.ctx.P[i + 2] ^= tmp3; + data.ctx.P[i + 3] ^= tmp4; + } + data.ctx.P[16] ^= tmp1; + data.ctx.P[17] ^= tmp2; + } while (1); + } while (--count); + + for (i = 0; i < 6; i += 2) { + L = BF_magic_w[i]; + R = BF_magic_w[i + 1]; + + count = 64; + do { + BF_ENCRYPT; + } while (--count); + + data.binary.output[i] = L; + data.binary.output[i + 1] = R; + } + + memcpy(output, setting, 7 + 22 - 1); + output[7 + 22 - 1] = BF_itoa64[(int) + BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30]; + +/* This has to be bug-compatible with the original implementation, so + * only encode 23 of the 24 bytes. :-) */ + BF_swap(data.binary.output, 6); + BF_encode(&output[7 + 22], data.binary.output, 23); + output[7 + 22 + 31] = '\0'; + + return output; +} + +int _crypt_output_magic(const char *setting, char *output, int size) +{ + if (size < 3) + return -1; + + output[0] = '*'; + output[1] = '0'; + output[2] = '\0'; + + if (setting[0] == '*' && setting[1] == '0') + output[1] = '1'; + + return 0; +} + +/* + * Please preserve the runtime self-test. It serves two purposes at once: + * + * 1. We really can't afford the risk of producing incompatible hashes e.g. + * when there's something like gcc bug 26587 again, whereas an application or + * library integrating this code might not also integrate our external tests or + * it might not run them after every build. Even if it does, the miscompile + * might only occur on the production build, but not on a testing build (such + * as because of different optimization settings). It is painful to recover + * from incorrectly-computed hashes - merely fixing whatever broke is not + * enough. Thus, a proactive measure like this self-test is needed. + * + * 2. We don't want to leave sensitive data from our actual password hash + * computation on the stack or in registers. Previous revisions of the code + * would do explicit cleanups, but simply running the self-test after hash + * computation is more reliable. + * + * The performance cost of this quick self-test is around 0.6% at the "$2a$08" + * setting. + */ +char *_crypt_blowfish_rn(const char *key, const char *setting, + char *output, int size) +{ + const char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8"; + const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu"; + static const char * const test_hashes[2] = + {"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55", /* 'a', 'b', 'y' */ + "VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55"}; /* 'x' */ + const char *test_hash = test_hashes[0]; + char *retval; + const char *p; + int save_errno, ok; + struct { + char s[7 + 22 + 1]; + char o[7 + 22 + 31 + 1 + 1 + 1]; + } buf; + +/* Hash the supplied password */ + _crypt_output_magic(setting, output, size); + retval = BF_crypt(key, setting, output, size, 16); + save_errno = errno; + +/* + * Do a quick self-test. It is important that we make both calls to BF_crypt() + * from the same scope such that they likely use the same stack locations, + * which makes the second call overwrite the first call's sensitive data on the + * stack and makes it more likely that any alignment related issues would be + * detected by the self-test. + */ + memcpy(buf.s, test_setting, sizeof(buf.s)); + if (retval) { + unsigned int flags = flags_by_subtype[ + (unsigned int)(unsigned char)setting[2] - 'a']; + test_hash = test_hashes[flags & 1]; + buf.s[2] = setting[2]; + } + memset(buf.o, 0x55, sizeof(buf.o)); + buf.o[sizeof(buf.o) - 1] = 0; + p = BF_crypt(test_key, buf.s, buf.o, sizeof(buf.o) - (1 + 1), 1); + + ok = (p == buf.o && + !memcmp(p, buf.s, 7 + 22) && + !memcmp(p + (7 + 22), test_hash, 31 + 1 + 1 + 1)); + + { + const char *k = "\xff\xa3" "34" "\xff\xff\xff\xa3" "345"; + BF_key ae, ai, ye, yi; + BF_set_key(k, ae, ai, 2); /* $2a$ */ + BF_set_key(k, ye, yi, 4); /* $2y$ */ + ai[0] ^= 0x10000; /* undo the safety (for comparison) */ + ok = ok && ai[0] == 0xdb9c59bc && ye[17] == 0x33343500 && + !memcmp(ae, ye, sizeof(ae)) && + !memcmp(ai, yi, sizeof(ai)); + } + + __set_errno(save_errno); + if (ok) + return retval; + +/* Should not happen */ + _crypt_output_magic(setting, output, size); + __set_errno(EINVAL); /* pretend we don't support this hash type */ + return NULL; +} + +char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) +{ + if (size < 16 || output_size < 7 + 22 + 1 || + (count && (count < 4 || count > 31)) || + prefix[0] != '$' || prefix[1] != '2' || + (prefix[2] != 'a' && prefix[2] != 'b' && prefix[2] != 'y')) { + if (output_size > 0) output[0] = '\0'; + __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL); + return NULL; + } + + if (!count) count = 5; + + output[0] = '$'; + output[1] = '2'; + output[2] = prefix[2]; + output[3] = '$'; + output[4] = '0' + count / 10; + output[5] = '0' + count % 10; + output[6] = '$'; + + BF_encode(&output[7], (const BF_word *)input, 16); + output[7 + 22] = '\0'; + + return output; +} diff --git a/src/bcrypt/src/crypt_gensalt.c b/src/bcrypt/src/crypt_gensalt.c new file mode 100644 index 000000000..1f0d73da0 --- /dev/null +++ b/src/bcrypt/src/crypt_gensalt.c @@ -0,0 +1,128 @@ +/* + * Written by Solar Designer in 2000-2011. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + * + * This file contains salt generation functions for the traditional and + * other common crypt(3) algorithms, except for bcrypt which is defined + * entirely in crypt_blowfish.c. + */ + +#include + +#include +#ifndef __set_errno +#define __set_errno(val) errno = (val) +#endif + +/* Just to make sure the prototypes match the actual definitions */ +#ifdef _WIN32 +#include "../include/bcrypt/crypt_gensalt.h" +#else +#include "crypt_gensalt.h" +#endif + +unsigned char _crypt_itoa64[64 + 1] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +char *_crypt_gensalt_traditional_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) +{ + (void) prefix; + + if (size < 2 || output_size < 2 + 1 || (count && count != 25)) { + if (output_size > 0) output[0] = '\0'; + __set_errno((output_size < 2 + 1) ? ERANGE : EINVAL); + return NULL; + } + + output[0] = _crypt_itoa64[(unsigned int)input[0] & 0x3f]; + output[1] = _crypt_itoa64[(unsigned int)input[1] & 0x3f]; + output[2] = '\0'; + + return output; +} + +char *_crypt_gensalt_extended_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) +{ + unsigned long value; + + (void) prefix; + +/* Even iteration counts make it easier to detect weak DES keys from a look + * at the hash, so they should be avoided */ + if (size < 3 || output_size < 1 + 4 + 4 + 1 || + (count && (count > 0xffffff || !(count & 1)))) { + if (output_size > 0) output[0] = '\0'; + __set_errno((output_size < 1 + 4 + 4 + 1) ? ERANGE : EINVAL); + return NULL; + } + + if (!count) count = 725; + + output[0] = '_'; + output[1] = _crypt_itoa64[count & 0x3f]; + output[2] = _crypt_itoa64[(count >> 6) & 0x3f]; + output[3] = _crypt_itoa64[(count >> 12) & 0x3f]; + output[4] = _crypt_itoa64[(count >> 18) & 0x3f]; + value = (unsigned long)(unsigned char)input[0] | + ((unsigned long)(unsigned char)input[1] << 8) | + ((unsigned long)(unsigned char)input[2] << 16); + output[5] = _crypt_itoa64[value & 0x3f]; + output[6] = _crypt_itoa64[(value >> 6) & 0x3f]; + output[7] = _crypt_itoa64[(value >> 12) & 0x3f]; + output[8] = _crypt_itoa64[(value >> 18) & 0x3f]; + output[9] = '\0'; + + return output; +} + +char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) +{ + unsigned long value; + + (void) prefix; + + if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000)) { + if (output_size > 0) output[0] = '\0'; + __set_errno((output_size < 3 + 4 + 1) ? ERANGE : EINVAL); + return NULL; + } + + output[0] = '$'; + output[1] = '1'; + output[2] = '$'; + value = (unsigned long)(unsigned char)input[0] | + ((unsigned long)(unsigned char)input[1] << 8) | + ((unsigned long)(unsigned char)input[2] << 16); + output[3] = _crypt_itoa64[value & 0x3f]; + output[4] = _crypt_itoa64[(value >> 6) & 0x3f]; + output[5] = _crypt_itoa64[(value >> 12) & 0x3f]; + output[6] = _crypt_itoa64[(value >> 18) & 0x3f]; + output[7] = '\0'; + + if (size >= 6 && output_size >= 3 + 4 + 4 + 1) { + value = (unsigned long)(unsigned char)input[3] | + ((unsigned long)(unsigned char)input[4] << 8) | + ((unsigned long)(unsigned char)input[5] << 16); + output[7] = _crypt_itoa64[value & 0x3f]; + output[8] = _crypt_itoa64[(value >> 6) & 0x3f]; + output[9] = _crypt_itoa64[(value >> 12) & 0x3f]; + output[10] = _crypt_itoa64[(value >> 18) & 0x3f]; + output[11] = '\0'; + } + + return output; +} diff --git a/src/bcrypt/src/main.cpp b/src/bcrypt/src/main.cpp new file mode 100644 index 000000000..1d9046b77 --- /dev/null +++ b/src/bcrypt/src/main.cpp @@ -0,0 +1,19 @@ +#include "bcrypt/BCrypt.hpp" +#include + +int main(){ + std::string right_password = "right_password"; + std::string wrong_password = "wrong_password"; + + std::cout << "generate hash... " << std::flush; + std::string hash = BCrypt::generateHash(right_password, 12); + std::cout << "done." << std::endl; + + std::cout << "checking right password: " << std::flush + << BCrypt::validatePassword(right_password,hash) << std::endl; + + std::cout << "checking wrong password: " << std::flush + << BCrypt::validatePassword(wrong_password,hash) << std::endl; + + return 0; +} diff --git a/src/bcrypt/src/wrapper.c b/src/bcrypt/src/wrapper.c new file mode 100644 index 000000000..98ffeecfd --- /dev/null +++ b/src/bcrypt/src/wrapper.c @@ -0,0 +1,563 @@ +/* + * Written by Solar Designer in 2000-2014. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 2000-2014 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#include +#include + +#include +#ifndef __set_errno +#define __set_errno(val) errno = (val) +#endif + +#ifdef TEST +#include +#include +#include +#include +#include +#include +#ifdef TEST_THREADS +#include +#endif +#endif + +#define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1) +#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1) + +#if defined(__GLIBC__) && defined(_LIBC) +#define __SKIP_GNU +#endif + +#ifdef _WIN32 | _WIN64 +#include "../include/bcrypt/ow-crypt.h" + +#include "../include/bcrypt/crypt_blowfish.h" +#include "../include/bcrypt/crypt_gensalt.h" +#else +#include "ow-crypt.h" + +#include "crypt_blowfish.h" +#include "crypt_gensalt.h" +#endif + +#if defined(__GLIBC__) && defined(_LIBC) +/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ +#include "crypt.h" +extern char *__md5_crypt_r(const char *key, const char *salt, + char *buffer, int buflen); +/* crypt-entry.c needs to be patched to define __des_crypt_r rather than + * __crypt_r, and not define crypt_r and crypt at all */ +extern char *__des_crypt_r(const char *key, const char *salt, + struct crypt_data *data); +extern struct crypt_data _ufc_foobar; +#endif + +static int _crypt_data_alloc(void **data, int *size, int need) +{ + void *updated; + + if (*data && *size >= need) return 0; + + updated = realloc(*data, need); + + if (!updated) { +#ifndef __GLIBC__ + /* realloc(3) on glibc sets errno, so we don't need to bother */ + __set_errno(ENOMEM); +#endif + return -1; + } + +#if defined(__GLIBC__) && defined(_LIBC) + if (need >= sizeof(struct crypt_data)) + ((struct crypt_data *)updated)->initialized = 0; +#endif + + *data = updated; + *size = need; + + return 0; +} + +static char *_crypt_retval_magic(char *retval, const char *setting, + char *output, int size) +{ + if (retval) + return retval; + + if (_crypt_output_magic(setting, output, size)) + return NULL; /* shouldn't happen */ + + return output; +} + +#if defined(__GLIBC__) && defined(_LIBC) +/* + * Applications may re-use the same instance of struct crypt_data without + * resetting the initialized field in order to let crypt_r() skip some of + * its initialization code. Thus, it is important that our multiple hashing + * algorithms either don't conflict with each other in their use of the + * data area or reset the initialized field themselves whenever required. + * Currently, the hashing algorithms simply have no conflicts: the first + * field of struct crypt_data is the 128-byte large DES key schedule which + * __des_crypt_r() calculates each time it is called while the two other + * hashing algorithms use less than 128 bytes of the data area. + */ + +char *__crypt_rn(__const char *key, __const char *setting, + void *data, int size) +{ + if (setting[0] == '$' && setting[1] == '2') + return _crypt_blowfish_rn(key, setting, (char *)data, size); + if (setting[0] == '$' && setting[1] == '1') + return __md5_crypt_r(key, setting, (char *)data, size); + if (setting[0] == '$' || setting[0] == '_') { + __set_errno(EINVAL); + return NULL; + } + if (size >= sizeof(struct crypt_data)) + return __des_crypt_r(key, setting, (struct crypt_data *)data); + __set_errno(ERANGE); + return NULL; +} + +char *__crypt_ra(__const char *key, __const char *setting, + void **data, int *size) +{ + if (setting[0] == '$' && setting[1] == '2') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return _crypt_blowfish_rn(key, setting, (char *)*data, *size); + } + if (setting[0] == '$' && setting[1] == '1') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return __md5_crypt_r(key, setting, (char *)*data, *size); + } + if (setting[0] == '$' || setting[0] == '_') { + __set_errno(EINVAL); + return NULL; + } + if (_crypt_data_alloc(data, size, sizeof(struct crypt_data))) + return NULL; + return __des_crypt_r(key, setting, (struct crypt_data *)*data); +} + +char *__crypt_r(__const char *key, __const char *setting, + struct crypt_data *data) +{ + return _crypt_retval_magic( + __crypt_rn(key, setting, data, sizeof(*data)), + setting, (char *)data, sizeof(*data)); +} + +char *__crypt(__const char *key, __const char *setting) +{ + return _crypt_retval_magic( + __crypt_rn(key, setting, &_ufc_foobar, sizeof(_ufc_foobar)), + setting, (char *)&_ufc_foobar, sizeof(_ufc_foobar)); +} +#else +char *crypt_rn(const char *key, const char *setting, void *data, int size) +{ + return _crypt_blowfish_rn(key, setting, (char *)data, size); +} + +char *crypt_ra(const char *key, const char *setting, + void **data, int *size) +{ + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return _crypt_blowfish_rn(key, setting, (char *)*data, *size); +} + +char *crypt_r(const char *key, const char *setting, void *data) +{ + return _crypt_retval_magic( + crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE), + setting, (char *)data, CRYPT_OUTPUT_SIZE); +} + +char *crypt(const char *key, const char *setting) +{ + static char output[CRYPT_OUTPUT_SIZE]; + + return _crypt_retval_magic( + crypt_rn(key, setting, output, sizeof(output)), + setting, output, sizeof(output)); +} + +#define __crypt_gensalt_rn crypt_gensalt_rn +#define __crypt_gensalt_ra crypt_gensalt_ra +#define __crypt_gensalt crypt_gensalt +#endif + +char *__crypt_gensalt_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) +{ + char *(*use)(const char *_prefix, unsigned long _count, + const char *_input, int _size, + char *_output, int _output_size); + + /* This may be supported on some platforms in the future */ + if (!input) { + __set_errno(EINVAL); + return NULL; + } + + if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2b$", 4) || + !strncmp(prefix, "$2y$", 4)) + use = _crypt_gensalt_blowfish_rn; + else + if (!strncmp(prefix, "$1$", 3)) + use = _crypt_gensalt_md5_rn; + else + if (prefix[0] == '_') + use = _crypt_gensalt_extended_rn; + else + if (!prefix[0] || + (prefix[0] && prefix[1] && + memchr(_crypt_itoa64, prefix[0], 64) && + memchr(_crypt_itoa64, prefix[1], 64))) + use = _crypt_gensalt_traditional_rn; + else { + __set_errno(EINVAL); + return NULL; + } + + return use(prefix, count, input, size, output, output_size); +} + +char *__crypt_gensalt_ra(const char *prefix, unsigned long count, + const char *input, int size) +{ + char output[CRYPT_GENSALT_OUTPUT_SIZE]; + char *retval; + + retval = __crypt_gensalt_rn(prefix, count, + input, size, output, sizeof(output)); + + if (retval) { +#ifdef _WIN32 | _WIN64 + retval = _strdup(retval); +#else + retval = strdup(retval); +#endif +#ifndef __GLIBC__ + /* strdup(3) on glibc sets errno, so we don't need to bother */ + if (!retval) + __set_errno(ENOMEM); +#endif + } + + return retval; +} + +char *__crypt_gensalt(const char *prefix, unsigned long count, + const char *input, int size) +{ + static char output[CRYPT_GENSALT_OUTPUT_SIZE]; + + return __crypt_gensalt_rn(prefix, count, + input, size, output, sizeof(output)); +} + +#if defined(__GLIBC__) && defined(_LIBC) +weak_alias(__crypt_rn, crypt_rn) +weak_alias(__crypt_ra, crypt_ra) +weak_alias(__crypt_r, crypt_r) +weak_alias(__crypt, crypt) +weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn) +weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra) +weak_alias(__crypt_gensalt, crypt_gensalt) +weak_alias(crypt, fcrypt) +#endif + +#ifdef TEST +static const char *tests[][3] = { + {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW", + "U*U"}, + {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK", + "U*U*"}, + {"$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a", + "U*U*U"}, + {"$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui", + "0123456789abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" + "chars after 72 are ignored"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e", + "\xa3"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e", + "\xff\xff\xa3"}, + {"$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e", + "\xff\xff\xa3"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85.", + "\xff\xff\xa3"}, + {"$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e", + "\xff\xff\xa3"}, + {"$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq", + "\xa3"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq", + "\xa3"}, + {"$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq", + "\xa3"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi", + "1\xa3" "345"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi", + "\xff\xa3" "345"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi", + "\xff\xa3" "34" "\xff\xff\xff\xa3" "345"}, + {"$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi", + "\xff\xa3" "34" "\xff\xff\xff\xa3" "345"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd.", + "\xff\xa3" "34" "\xff\xff\xff\xa3" "345"}, + {"$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e", + "\xff\xa3" "345"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e", + "\xff\xa3" "345"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS", + "\xa3" "ab"}, + {"$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS", + "\xa3" "ab"}, + {"$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS", + "\xa3" "ab"}, + {"$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS", + "\xd1\x91"}, + {"$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS", + "\xd0\xc1\xd2\xcf\xcc\xd8"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "chars after 72 are ignored as usual"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy", + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55" + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55" + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55" + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55" + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55" + "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55"}, + {"$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe", + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff" + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff" + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff" + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff" + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff" + "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff"}, + {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy", + ""}, + {"*0", "", "$2a$03$CCCCCCCCCCCCCCCCCCCCC."}, + {"*0", "", "$2a$32$CCCCCCCCCCCCCCCCCCCCC."}, + {"*0", "", "$2c$05$CCCCCCCCCCCCCCCCCCCCC."}, + {"*0", "", "$2z$05$CCCCCCCCCCCCCCCCCCCCC."}, + {"*0", "", "$2`$05$CCCCCCCCCCCCCCCCCCCCC."}, + {"*0", "", "$2{$05$CCCCCCCCCCCCCCCCCCCCC."}, + {"*1", "", "*0"}, + {NULL} +}; + +#define which tests[0] + +static volatile sig_atomic_t running; + +static void handle_timer(int signum) +{ + (void) signum; + running = 0; +} + +static void *run(void *arg) +{ + unsigned long count = 0; + int i = 0; + void *data = NULL; + int size = 0x12345678; + + do { + const char *hash = tests[i][0]; + const char *key = tests[i][1]; + const char *setting = tests[i][2]; + + if (!tests[++i][0]) + i = 0; + + if (setting && strlen(hash) < 30) /* not for benchmark */ + continue; + + if (strcmp(crypt_ra(key, hash, &data, &size), hash)) { + printf("%d: FAILED (crypt_ra/%d/%lu)\n", + (int)((char *)arg - (char *)0), i, count); + free(data); + return NULL; + } + count++; + } while (running); + + free(data); + return count + (char *)0; +} + +int main(void) +{ + struct itimerval it; + struct tms buf; + clock_t clk_tck, start_real, start_virtual, end_real, end_virtual; + unsigned long count; + void *data; + int size; + char *setting1, *setting2; + int i; +#ifdef TEST_THREADS + pthread_t t[TEST_THREADS]; + void *t_retval; +#endif + + data = NULL; + size = 0x12345678; + + for (i = 0; tests[i][0]; i++) { + const char *hash = tests[i][0]; + const char *key = tests[i][1]; + const char *setting = tests[i][2]; + const char *p; + int ok = !setting || strlen(hash) >= 30; + int o_size; + char s_buf[30], o_buf[61]; + if (!setting) { + memcpy(s_buf, hash, sizeof(s_buf) - 1); + s_buf[sizeof(s_buf) - 1] = 0; + setting = s_buf; + } + + __set_errno(0); + p = crypt(key, setting); + if ((!ok && !errno) || strcmp(p, hash)) { + printf("FAILED (crypt/%d)\n", i); + return 1; + } + + if (ok && strcmp(crypt(key, hash), hash)) { + printf("FAILED (crypt/%d)\n", i); + return 1; + } + + for (o_size = -1; o_size <= (int)sizeof(o_buf); o_size++) { + int ok_n = ok && o_size == (int)sizeof(o_buf); + const char *x = "abc"; + strcpy(o_buf, x); + if (o_size >= 3) { + x = "*0"; + if (setting[0] == '*' && setting[1] == '0') + x = "*1"; + } + __set_errno(0); + p = crypt_rn(key, setting, o_buf, o_size); + if ((ok_n && (!p || strcmp(p, hash))) || + (!ok_n && (!errno || p || strcmp(o_buf, x)))) { + printf("FAILED (crypt_rn/%d)\n", i); + return 1; + } + } + + __set_errno(0); + p = crypt_ra(key, setting, &data, &size); + if ((ok && (!p || strcmp(p, hash))) || + (!ok && (!errno || p || strcmp((char *)data, hash)))) { + printf("FAILED (crypt_ra/%d)\n", i); + return 1; + } + } + + setting1 = crypt_gensalt(which[0], 12, data, size); + if (!setting1 || strncmp(setting1, "$2a$12$", 7)) { + puts("FAILED (crypt_gensalt)\n"); + return 1; + } + + setting2 = crypt_gensalt_ra(setting1, 12, data, size); + if (strcmp(setting1, setting2)) { + puts("FAILED (crypt_gensalt_ra/1)\n"); + return 1; + } + + (*(char *)data)++; + setting1 = crypt_gensalt_ra(setting2, 12, data, size); + if (!strcmp(setting1, setting2)) { + puts("FAILED (crypt_gensalt_ra/2)\n"); + return 1; + } + + free(setting1); + free(setting2); + free(data); + +#if defined(_SC_CLK_TCK) || !defined(CLK_TCK) + clk_tck = sysconf(_SC_CLK_TCK); +#else + clk_tck = CLK_TCK; +#endif + + running = 1; + signal(SIGALRM, handle_timer); + + memset(&it, 0, sizeof(it)); + it.it_value.tv_sec = 5; + setitimer(ITIMER_REAL, &it, NULL); + + start_real = times(&buf); + start_virtual = buf.tms_utime + buf.tms_stime; + + count = (char *)run((char *)0) - (char *)0; + + end_real = times(&buf); + end_virtual = buf.tms_utime + buf.tms_stime; + if (end_virtual == start_virtual) end_virtual++; + + printf("%.1f c/s real, %.1f c/s virtual\n", + (float)count * clk_tck / (end_real - start_real), + (float)count * clk_tck / (end_virtual - start_virtual)); + +#ifdef TEST_THREADS + running = 1; + it.it_value.tv_sec = 60; + setitimer(ITIMER_REAL, &it, NULL); + start_real = times(&buf); + + for (i = 0; i < TEST_THREADS; i++) + if (pthread_create(&t[i], NULL, run, i + (char *)0)) { + perror("pthread_create"); + return 1; + } + + for (i = 0; i < TEST_THREADS; i++) { + if (pthread_join(t[i], &t_retval)) { + perror("pthread_join"); + continue; + } + if (!t_retval) continue; + count = (char *)t_retval - (char *)0; + end_real = times(&buf); + printf("%d: %.1f c/s real\n", i, + (float)count * clk_tck / (end_real - start_real)); + } +#endif + + return 0; +} +#endif diff --git a/src/bcrypt/src/x86.S b/src/bcrypt/src/x86.S new file mode 100644 index 000000000..3dc8d008b --- /dev/null +++ b/src/bcrypt/src/x86.S @@ -0,0 +1,202 @@ +/* + * Written by Solar Designer in 1998-2010. + * No copyright is claimed, and the software is hereby placed in the public + * domain. In case this attempt to disclaim copyright and place the software + * in the public domain is deemed null and void, then the software is + * Copyright (c) 1998-2010 Solar Designer and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See crypt_blowfish.c for more information. + */ + +#ifdef __i386__ + +#if defined(__OpenBSD__) && !defined(__ELF__) +#define UNDERSCORES +#define ALIGN_LOG +#endif + +#if defined(__CYGWIN32__) || defined(__MINGW32__) +#define UNDERSCORES +#endif + +#ifdef __DJGPP__ +#define UNDERSCORES +#define ALIGN_LOG +#endif + +#ifdef UNDERSCORES +#define _BF_body_r __BF_body_r +#endif + +#ifdef ALIGN_LOG +#define DO_ALIGN(log) .align (log) +#elif defined(DUMBAS) +#define DO_ALIGN(log) .align 1 << log +#else +#define DO_ALIGN(log) .align (1 << (log)) +#endif + +#define BF_FRAME 0x200 +#define ctx %esp + +#define BF_ptr (ctx) + +#define S(N, r) N+BF_FRAME(ctx,r,4) +#ifdef DUMBAS +#define P(N) 0x1000+N+N+N+N+BF_FRAME(ctx) +#else +#define P(N) 0x1000+4*N+BF_FRAME(ctx) +#endif + +/* + * This version of the assembly code is optimized primarily for the original + * Intel Pentium but is also careful to avoid partial register stalls on the + * Pentium Pro family of processors (tested up to Pentium III Coppermine). + * + * It is possible to do 15% faster on the Pentium Pro family and probably on + * many non-Intel x86 processors, but, unfortunately, that would make things + * twice slower for the original Pentium. + * + * An additional 2% speedup may be achieved with non-reentrant code. + */ + +#define L %esi +#define R %edi +#define tmp1 %eax +#define tmp1_lo %al +#define tmp2 %ecx +#define tmp2_hi %ch +#define tmp3 %edx +#define tmp3_lo %dl +#define tmp4 %ebx +#define tmp4_hi %bh +#define tmp5 %ebp + +.text + +#define BF_ROUND(L, R, N) \ + xorl L,tmp2; \ + xorl tmp1,tmp1; \ + movl tmp2,L; \ + shrl $16,tmp2; \ + movl L,tmp4; \ + movb tmp2_hi,tmp1_lo; \ + andl $0xFF,tmp2; \ + movb tmp4_hi,tmp3_lo; \ + andl $0xFF,tmp4; \ + movl S(0,tmp1),tmp1; \ + movl S(0x400,tmp2),tmp5; \ + addl tmp5,tmp1; \ + movl S(0x800,tmp3),tmp5; \ + xorl tmp5,tmp1; \ + movl S(0xC00,tmp4),tmp5; \ + addl tmp1,tmp5; \ + movl 4+P(N),tmp2; \ + xorl tmp5,R + +#define BF_ENCRYPT_START \ + BF_ROUND(L, R, 0); \ + BF_ROUND(R, L, 1); \ + BF_ROUND(L, R, 2); \ + BF_ROUND(R, L, 3); \ + BF_ROUND(L, R, 4); \ + BF_ROUND(R, L, 5); \ + BF_ROUND(L, R, 6); \ + BF_ROUND(R, L, 7); \ + BF_ROUND(L, R, 8); \ + BF_ROUND(R, L, 9); \ + BF_ROUND(L, R, 10); \ + BF_ROUND(R, L, 11); \ + BF_ROUND(L, R, 12); \ + BF_ROUND(R, L, 13); \ + BF_ROUND(L, R, 14); \ + BF_ROUND(R, L, 15); \ + movl BF_ptr,tmp5; \ + xorl L,tmp2; \ + movl P(17),L + +#define BF_ENCRYPT_END \ + xorl R,L; \ + movl tmp2,R + +DO_ALIGN(5) +.globl _BF_body_r +_BF_body_r: + movl 4(%esp),%eax + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + subl $BF_FRAME-8,%eax + xorl L,L + cmpl %esp,%eax + ja BF_die + xchgl %eax,%esp + xorl R,R + pushl %eax + leal 0x1000+BF_FRAME-4(ctx),%eax + movl 0x1000+BF_FRAME-4(ctx),tmp2 + pushl %eax + xorl tmp3,tmp3 +BF_loop_P: + BF_ENCRYPT_START + addl $8,tmp5 + BF_ENCRYPT_END + leal 0x1000+18*4+BF_FRAME(ctx),tmp1 + movl tmp5,BF_ptr + cmpl tmp5,tmp1 + movl L,-8(tmp5) + movl R,-4(tmp5) + movl P(0),tmp2 + ja BF_loop_P + leal BF_FRAME(ctx),tmp5 + xorl tmp3,tmp3 + movl tmp5,BF_ptr +BF_loop_S: + BF_ENCRYPT_START + BF_ENCRYPT_END + movl P(0),tmp2 + movl L,(tmp5) + movl R,4(tmp5) + BF_ENCRYPT_START + BF_ENCRYPT_END + movl P(0),tmp2 + movl L,8(tmp5) + movl R,12(tmp5) + BF_ENCRYPT_START + BF_ENCRYPT_END + movl P(0),tmp2 + movl L,16(tmp5) + movl R,20(tmp5) + BF_ENCRYPT_START + addl $32,tmp5 + BF_ENCRYPT_END + leal 0x1000+BF_FRAME(ctx),tmp1 + movl tmp5,BF_ptr + cmpl tmp5,tmp1 + movl P(0),tmp2 + movl L,-8(tmp5) + movl R,-4(tmp5) + ja BF_loop_S + movl 4(%esp),%esp + popl %edi + popl %esi + popl %ebx + popl %ebp + ret + +BF_die: +/* Oops, need to re-compile with a larger BF_FRAME. */ + hlt + jmp BF_die + +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",@progbits +#endif +#endif diff --git a/src/bcrypt/vs2017/libbcrypt/libbcrypt.sln b/src/bcrypt/vs2017/libbcrypt/libbcrypt.sln new file mode 100644 index 000000000..38c2d4047 --- /dev/null +++ b/src/bcrypt/vs2017/libbcrypt/libbcrypt.sln @@ -0,0 +1,41 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28307.136 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libbcrypt", "libbcrypt.vcxproj", "{D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "..\test\test.vcxproj", "{C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Debug|x64.ActiveCfg = Debug|x64 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Debug|x64.Build.0 = Debug|x64 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Debug|x86.ActiveCfg = Debug|Win32 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Debug|x86.Build.0 = Debug|Win32 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Release|x64.ActiveCfg = Release|x64 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Release|x64.Build.0 = Release|x64 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Release|x86.ActiveCfg = Release|Win32 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4}.Release|x86.Build.0 = Release|Win32 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Debug|x64.ActiveCfg = Debug|x64 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Debug|x64.Build.0 = Debug|x64 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Debug|x86.ActiveCfg = Debug|Win32 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Debug|x86.Build.0 = Debug|Win32 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Release|x64.ActiveCfg = Release|x64 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Release|x64.Build.0 = Release|x64 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Release|x86.ActiveCfg = Release|Win32 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {2DB786F9-9679-4A72-A4A0-2544E42B78CB} + EndGlobalSection +EndGlobal diff --git a/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj b/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj new file mode 100644 index 000000000..577af5635 --- /dev/null +++ b/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj @@ -0,0 +1,135 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {D6A9A3F3-1312-4494-85B8-7CE7DD4D78F4} + libbcrypt + 10.0.17763.0 + + + + StaticLibrary + true + v141 + MultiByte + + + Application + false + v141 + true + MultiByte + + + Application + true + v141 + MultiByte + + + Application + false + v141 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj.filters b/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj.filters new file mode 100644 index 000000000..e30024695 --- /dev/null +++ b/src/bcrypt/vs2017/libbcrypt/libbcrypt.vcxproj.filters @@ -0,0 +1,54 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + \ No newline at end of file diff --git a/src/bcrypt/vs2017/test/main.cpp b/src/bcrypt/vs2017/test/main.cpp new file mode 100644 index 000000000..fac9b7134 --- /dev/null +++ b/src/bcrypt/vs2017/test/main.cpp @@ -0,0 +1,22 @@ +#include "../../include/bcrypt/BCrypt.hpp" +#include + +using namespace std; + +int main() { + string right_password = "right_password"; + string wrong_password = "wrong_password"; + + cout << "generate hash... " << flush; + string hash = BCrypt::generateHash(right_password, 12); + cout << "done." << endl; + + cout << "checking right password: " << flush + << BCrypt::validatePassword(right_password, hash) << endl; + + cout << "checking wrong password: " << flush + << BCrypt::validatePassword(wrong_password, hash) << endl; + + system("pause"); + return 0; +} diff --git a/src/bcrypt/vs2017/test/test.vcxproj b/src/bcrypt/vs2017/test/test.vcxproj new file mode 100644 index 000000000..a05b3cf6e --- /dev/null +++ b/src/bcrypt/vs2017/test/test.vcxproj @@ -0,0 +1,131 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + + + + + {d6a9a3f3-1312-4494-85b8-7ce7dd4d78f4} + + + + 15.0 + {C6B1CF6E-88DF-4109-9EF4-06CBA5BD5B68} + test + 10.0.17763.0 + + + + Application + true + v141 + MultiByte + + + Application + false + v141 + true + MultiByte + + + Application + true + v141 + MultiByte + + + Application + false + v141 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + Disabled + true + true + + + ../libbcrypt/Debug/libbcrypt.lib;%(AdditionalDependencies) + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + \ No newline at end of file diff --git a/src/bcrypt/vs2017/test/test.vcxproj.filters b/src/bcrypt/vs2017/test/test.vcxproj.filters new file mode 100644 index 000000000..128a38664 --- /dev/null +++ b/src/bcrypt/vs2017/test/test.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/src/jwt-cpp/BaseTest.cpp b/src/jwt-cpp/BaseTest.cpp new file mode 100644 index 000000000..aceeb38d4 --- /dev/null +++ b/src/jwt-cpp/BaseTest.cpp @@ -0,0 +1,30 @@ +#include +#include "include/jwt-cpp/base.h" + +TEST(BaseTest, Base64Decode) { + ASSERT_EQ("1", jwt::base::decode("MQ==")); + ASSERT_EQ("12", jwt::base::decode("MTI=")); + ASSERT_EQ("123", jwt::base::decode("MTIz")); + ASSERT_EQ("1234", jwt::base::decode("MTIzNA==")); +} + +TEST(BaseTest, Base64DecodeURL) { + ASSERT_EQ("1", jwt::base::decode("MQ%3d%3d")); + ASSERT_EQ("12", jwt::base::decode("MTI%3d")); + ASSERT_EQ("123", jwt::base::decode("MTIz")); + ASSERT_EQ("1234", jwt::base::decode("MTIzNA%3d%3d")); +} + +TEST(BaseTest, Base64Encode) { + ASSERT_EQ("MQ==", jwt::base::encode("1")); + ASSERT_EQ("MTI=", jwt::base::encode("12")); + ASSERT_EQ("MTIz", jwt::base::encode("123")); + ASSERT_EQ("MTIzNA==", jwt::base::encode("1234")); +} + +TEST(BaseTest, Base64EncodeURL) { + ASSERT_EQ("MQ%3d%3d", jwt::base::encode("1")); + ASSERT_EQ("MTI%3d", jwt::base::encode("12")); + ASSERT_EQ("MTIz", jwt::base::encode("123")); + ASSERT_EQ("MTIzNA%3d%3d", jwt::base::encode("1234")); +} \ No newline at end of file diff --git a/src/jwt-cpp/ClaimTest.cpp b/src/jwt-cpp/ClaimTest.cpp new file mode 100644 index 000000000..749edf2ef --- /dev/null +++ b/src/jwt-cpp/ClaimTest.cpp @@ -0,0 +1,33 @@ +#include +#include "include/jwt-cpp/jwt.h" + +TEST(ClaimTest, AudienceAsString) { + std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0In0.WZnM3SIiSRHsbO3O7Z2bmIzTJ4EC32HRBKfLznHhrh4"; + auto decoded = jwt::decode(token); + + ASSERT_TRUE(decoded.has_algorithm()); + ASSERT_TRUE(decoded.has_type()); + ASSERT_FALSE(decoded.has_content_type()); + ASSERT_FALSE(decoded.has_key_id()); + ASSERT_FALSE(decoded.has_issuer()); + ASSERT_FALSE(decoded.has_subject()); + ASSERT_TRUE(decoded.has_audience()); + ASSERT_FALSE(decoded.has_expires_at()); + ASSERT_FALSE(decoded.has_not_before()); + ASSERT_FALSE(decoded.has_issued_at()); + ASSERT_FALSE(decoded.has_id()); + + ASSERT_EQ("HS256", decoded.get_algorithm()); + ASSERT_EQ("JWT", decoded.get_type()); + auto aud = decoded.get_audience(); + ASSERT_EQ(1, aud.size()); + ASSERT_EQ("test", *aud.begin()); +} + +TEST(ClaimTest, SetAudienceAsString) { + auto token = jwt::create() + .set_type("JWT") + .set_audience("test") + .sign(jwt::algorithm::hs256("test")); + ASSERT_EQ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0In0.ny5Fa0vzAg7tNL95KWg_ecBNd3XP3tdAzq0SFA6diY4", token); +} diff --git a/src/jwt-cpp/Doxyfile b/src/jwt-cpp/Doxyfile new file mode 100644 index 000000000..e3303d2b9 --- /dev/null +++ b/src/jwt-cpp/Doxyfile @@ -0,0 +1,2494 @@ +# Doxyfile 1.8.13 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project. +# +# All text after a double hash (##) is considered a comment and is placed in +# front of the TAG it is preceding. +# +# All text after a single hash (#) is considered a comment and will be ignored. +# The format is: +# TAG = value [value, ...] +# For lists, items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (\" \"). + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all text +# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv +# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv +# for the list of possible encodings. +# The default value is: UTF-8. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by +# double-quotes, unless you are using Doxywizard) that should identify the +# project for which the documentation is generated. This name is used in the +# title of most generated pages and in a few other places. +# The default value is: My Project. + +PROJECT_NAME = "JWT-C++" + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. This +# could be handy for archiving the generated documentation or if some version +# control system is used. + +PROJECT_NUMBER = + +# Using the PROJECT_BRIEF tag one can provide an optional one line description +# for a project that appears at the top of each page and should give viewer a +# quick idea about the purpose of the project. Keep the description short. + +PROJECT_BRIEF = + +# With the PROJECT_LOGO tag one can specify a logo or an icon that is included +# in the documentation. The maximum height of the logo should not exceed 55 +# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy +# the logo to the output directory. + +PROJECT_LOGO = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path +# into which the generated documentation will be written. If a relative path is +# entered, it will be relative to the location where doxygen was started. If +# left blank the current directory will be used. + +OUTPUT_DIRECTORY = docs + +# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- +# directories (in 2 levels) under the output directory of each output format and +# will distribute the generated files over these directories. Enabling this +# option can be useful when feeding doxygen a huge amount of source files, where +# putting all generated files in the same directory would otherwise causes +# performance problems for the file system. +# The default value is: NO. + +CREATE_SUBDIRS = NO + +# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII +# characters to appear in the names of generated files. If set to NO, non-ASCII +# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode +# U+3044. +# The default value is: NO. + +ALLOW_UNICODE_NAMES = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, +# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), +# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, +# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, +# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, +# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, +# Ukrainian and Vietnamese. +# The default value is: English. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member +# descriptions after the members that are listed in the file and class +# documentation (similar to Javadoc). Set to NO to disable this. +# The default value is: YES. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief +# description of a member or function before the detailed description +# +# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. +# The default value is: YES. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator that is +# used to form the text in various listings. Each string in this list, if found +# as the leading text of the brief description, will be stripped from the text +# and the result, after processing the whole list, is used as the annotated +# text. Otherwise, the brief description is used as-is. If left blank, the +# following values are used ($name is automatically replaced with the name of +# the entity):The $name class, The $name widget, The $name file, is, provides, +# specifies, contains, represents, a, an and the. + +ABBREVIATE_BRIEF = "The $name class" \ + "The $name widget" \ + "The $name file" \ + is \ + provides \ + specifies \ + contains \ + represents \ + a \ + an \ + the + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# doxygen will generate a detailed section even if there is only a brief +# description. +# The default value is: NO. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. +# The default value is: NO. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path +# before files name in the file list and in the header files. If set to NO the +# shortest path that makes the file name unique will be used +# The default value is: YES. + +FULL_PATH_NAMES = YES + +# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. +# Stripping is only done if one of the specified strings matches the left-hand +# part of the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the path to +# strip. +# +# Note that you can specify absolute paths here, but also relative paths, which +# will be relative from the directory where doxygen is started. +# This tag requires that the tag FULL_PATH_NAMES is set to YES. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the +# path mentioned in the documentation of a class, which tells the reader which +# header file to include in order to use a class. If left blank only the name of +# the header file containing the class definition is used. Otherwise one should +# specify the list of include paths that are normally passed to the compiler +# using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but +# less readable) file names. This can be useful is your file systems doesn't +# support long names like on DOS, Mac, or CD-ROM. +# The default value is: NO. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the +# first line (until the first dot) of a Javadoc-style comment as the brief +# description. If set to NO, the Javadoc-style will behave just like regular Qt- +# style comments (thus requiring an explicit @brief command for a brief +# description.) +# The default value is: NO. + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first +# line (until the first dot) of a Qt-style comment as the brief description. If +# set to NO, the Qt-style will behave just like regular Qt-style comments (thus +# requiring an explicit \brief command for a brief description.) +# The default value is: NO. + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a +# multi-line C++ special comment block (i.e. a block of //! or /// comments) as +# a brief description. This used to be the default behavior. The new default is +# to treat a multi-line C++ comment block as a detailed description. Set this +# tag to YES if you prefer the old behavior instead. +# +# Note that setting this tag to YES also means that rational rose comments are +# not recognized any more. +# The default value is: NO. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the +# documentation from any documented member that it re-implements. +# The default value is: YES. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new +# page for each member. If set to NO, the documentation of a member will be part +# of the file/class/namespace that contains it. +# The default value is: NO. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen +# uses this value to replace tabs by spaces in code fragments. +# Minimum value: 1, maximum value: 16, default value: 4. + +TAB_SIZE = 4 + +# This tag can be used to specify a number of aliases that act as commands in +# the documentation. An alias has the form: +# name=value +# For example adding +# "sideeffect=@par Side Effects:\n" +# will allow you to put the command \sideeffect (or @sideeffect) in the +# documentation, which will result in a user-defined paragraph with heading +# "Side Effects:". You can put \n's in the value part of an alias to insert +# newlines. + +ALIASES = + +# This tag can be used to specify a number of word-keyword mappings (TCL only). +# A mapping has the form "name=value". For example adding "class=itcl::class" +# will allow you to use the command class in the itcl::class meaning. + +TCL_SUBST = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources +# only. Doxygen will then generate output that is more tailored for C. For +# instance, some of the names that are used will be different. The list of all +# members will be omitted, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_FOR_C = NO + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or +# Python sources only. Doxygen will then generate output that is more tailored +# for that language. For instance, namespaces will be presented as packages, +# qualified scopes will look different, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources. Doxygen will then generate output that is tailored for Fortran. +# The default value is: NO. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for VHDL. +# The default value is: NO. + +OPTIMIZE_OUTPUT_VHDL = NO + +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given +# extension. Doxygen has a built-in mapping, but you can override or extend it +# using this tag. The format is ext=language, where ext is a file extension, and +# language is one of the parsers supported by doxygen: IDL, Java, Javascript, +# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: +# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: +# Fortran. In the later case the parser tries to guess whether the code is fixed +# or free formatted code, this is the default for Fortran type files), VHDL. For +# instance to make doxygen treat .inc files as Fortran files (default is PHP), +# and .f files as C (default is Fortran), use: inc=Fortran f=C. +# +# Note: For files without extension you can use no_extension as a placeholder. +# +# Note that for custom extensions you also need to set FILE_PATTERNS otherwise +# the files are not read by doxygen. + +EXTENSION_MAPPING = + +# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments +# according to the Markdown format, which allows for more readable +# documentation. See http://daringfireball.net/projects/markdown/ for details. +# The output of markdown processing is further processed by doxygen, so you can +# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in +# case of backward compatibilities issues. +# The default value is: YES. + +MARKDOWN_SUPPORT = YES + +# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up +# to that level are automatically included in the table of contents, even if +# they do not have an id attribute. +# Note: This feature currently applies only to Markdown headings. +# Minimum value: 0, maximum value: 99, default value: 0. +# This tag requires that the tag MARKDOWN_SUPPORT is set to YES. + +TOC_INCLUDE_HEADINGS = 0 + +# When enabled doxygen tries to link words that correspond to documented +# classes, or namespaces to their corresponding documentation. Such a link can +# be prevented in individual cases by putting a % sign in front of the word or +# globally by setting AUTOLINK_SUPPORT to NO. +# The default value is: YES. + +AUTOLINK_SUPPORT = YES + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should set this +# tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); +# versus func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. +# The default value is: NO. + +BUILTIN_STL_SUPPORT = YES + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. +# The default value is: NO. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip (see: +# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen +# will parse them like normal C++ but will assume all classes use public instead +# of private inheritance when no explicit protection keyword is present. +# The default value is: NO. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate +# getter and setter methods for a property. Setting this option to YES will make +# doxygen to replace the get and set methods by a property in the documentation. +# This will only work if the methods are indeed getting or setting a simple +# type. If this is not the case, or you want to show the methods anyway, you +# should set this option to NO. +# The default value is: YES. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. +# The default value is: NO. + +DISTRIBUTE_GROUP_DOC = NO + +# If one adds a struct or class to a group and this option is enabled, then also +# any nested class or struct is added to the same group. By default this option +# is disabled and one has to add nested compounds explicitly via \ingroup. +# The default value is: NO. + +GROUP_NESTED_COMPOUNDS = NO + +# Set the SUBGROUPING tag to YES to allow class member groups of the same type +# (for instance a group of public functions) to be put as a subgroup of that +# type (e.g. under the Public Functions section). Set it to NO to prevent +# subgrouping. Alternatively, this can be done per class using the +# \nosubgrouping command. +# The default value is: YES. + +SUBGROUPING = YES + +# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions +# are shown inside the group in which they are included (e.g. using \ingroup) +# instead of on a separate page (for HTML and Man pages) or section (for LaTeX +# and RTF). +# +# Note that this feature does not work in combination with +# SEPARATE_MEMBER_PAGES. +# The default value is: NO. + +INLINE_GROUPED_CLASSES = NO + +# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions +# with only public data fields or simple typedef fields will be shown inline in +# the documentation of the scope in which they are defined (i.e. file, +# namespace, or group documentation), provided this scope is documented. If set +# to NO, structs, classes, and unions are shown on a separate page (for HTML and +# Man pages) or section (for LaTeX and RTF). +# The default value is: NO. + +INLINE_SIMPLE_STRUCTS = NO + +# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or +# enum is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically be +# useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. +# The default value is: NO. + +TYPEDEF_HIDES_STRUCT = NO + +# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This +# cache is used to resolve symbols given their name and scope. Since this can be +# an expensive process and often the same symbol appears multiple times in the +# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small +# doxygen will become slower. If the cache is too large, memory is wasted. The +# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range +# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 +# symbols. At the end of a run doxygen will report the cache usage and suggest +# the optimal cache size from a speed point of view. +# Minimum value: 0, maximum value: 9, default value: 0. + +LOOKUP_CACHE_SIZE = 0 + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in +# documentation are documented, even if no documentation was available. Private +# class members and static file members will be hidden unless the +# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. +# Note: This will also disable the warnings about undocumented members that are +# normally produced when WARNINGS is set to YES. +# The default value is: NO. + +EXTRACT_ALL = NO + +# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will +# be included in the documentation. +# The default value is: NO. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal +# scope will be included in the documentation. +# The default value is: NO. + +EXTRACT_PACKAGE = NO + +# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be +# included in the documentation. +# The default value is: NO. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined +# locally in source files will be included in the documentation. If set to NO, +# only classes defined in header files are included. Does not have any effect +# for Java sources. +# The default value is: YES. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. If set to YES, local methods, +# which are defined in the implementation section but not in the interface are +# included in the documentation. If set to NO, only methods in the interface are +# included. +# The default value is: NO. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base name of +# the file that contains the anonymous namespace. By default anonymous namespace +# are hidden. +# The default value is: NO. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all +# undocumented members inside documented classes or files. If set to NO these +# members will be included in the various overviews, but no documentation +# section is generated. This option has no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. If set +# to NO, these classes will be included in the various overviews. This option +# has no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend +# (class|struct|union) declarations. If set to NO, these declarations will be +# included in the documentation. +# The default value is: NO. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any +# documentation blocks found inside the body of a function. If set to NO, these +# blocks will be appended to the function's detailed documentation block. +# The default value is: NO. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation that is typed after a +# \internal command is included. If the tag is set to NO then the documentation +# will be excluded. Set it to YES to include the internal documentation. +# The default value is: NO. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file +# names in lower-case letters. If set to YES, upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. +# The default value is: system dependent. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with +# their full class and namespace scopes in the documentation. If set to YES, the +# scope will be hidden. +# The default value is: NO. + +HIDE_SCOPE_NAMES = NO + +# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will +# append additional text to a page's title, such as Class Reference. If set to +# YES the compound reference will be hidden. +# The default value is: NO. + +HIDE_COMPOUND_REFERENCE= NO + +# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of +# the files that are included by a file in the documentation of that file. +# The default value is: YES. + +SHOW_INCLUDE_FILES = YES + +# If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each +# grouped member an include statement to the documentation, telling the reader +# which file to include in order to use the member. +# The default value is: NO. + +SHOW_GROUPED_MEMB_INC = NO + +# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include +# files with double quotes in the documentation rather than with sharp brackets. +# The default value is: NO. + +FORCE_LOCAL_INCLUDES = NO + +# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the +# documentation for inline members. +# The default value is: YES. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the +# (detailed) documentation of file and class members alphabetically by member +# name. If set to NO, the members will appear in declaration order. +# The default value is: YES. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief +# descriptions of file, namespace and class members alphabetically by member +# name. If set to NO, the members will appear in declaration order. Note that +# this will also influence the order of the classes in the class list. +# The default value is: NO. + +SORT_BRIEF_DOCS = NO + +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the +# (brief and detailed) documentation of class members so that constructors and +# destructors are listed first. If set to NO the constructors will appear in the +# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. +# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief +# member documentation. +# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting +# detailed member documentation. +# The default value is: NO. + +SORT_MEMBERS_CTORS_1ST = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy +# of group names into alphabetical order. If set to NO the group names will +# appear in their defined order. +# The default value is: NO. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by +# fully-qualified names, including namespaces. If set to NO, the class list will +# be sorted only by class name, not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the alphabetical +# list. +# The default value is: NO. + +SORT_BY_SCOPE_NAME = NO + +# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper +# type resolution of all parameters of a function it will reject a match between +# the prototype and the implementation of a member function even if there is +# only one candidate or it is obvious which candidate to choose by doing a +# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still +# accept a match between prototype and implementation in such cases. +# The default value is: NO. + +STRICT_PROTO_MATCHING = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo +# list. This list is created by putting \todo commands in the documentation. +# The default value is: YES. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test +# list. This list is created by putting \test commands in the documentation. +# The default value is: YES. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug +# list. This list is created by putting \bug commands in the documentation. +# The default value is: YES. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) +# the deprecated list. This list is created by putting \deprecated commands in +# the documentation. +# The default value is: YES. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional documentation +# sections, marked by \if ... \endif and \cond +# ... \endcond blocks. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the +# initial value of a variable or macro / define can have for it to appear in the +# documentation. If the initializer consists of more lines than specified here +# it will be hidden. Use a value of 0 to hide initializers completely. The +# appearance of the value of individual variables and macros / defines can be +# controlled using \showinitializer or \hideinitializer command in the +# documentation regardless of this setting. +# Minimum value: 0, maximum value: 10000, default value: 30. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at +# the bottom of the documentation of classes and structs. If set to YES, the +# list will mention the files that were used to generate the documentation. +# The default value is: YES. + +SHOW_USED_FILES = YES + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This +# will remove the Files entry from the Quick Index and from the Folder Tree View +# (if specified). +# The default value is: YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces +# page. This will remove the Namespaces entry from the Quick Index and from the +# Folder Tree View (if specified). +# The default value is: YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command command input-file, where command is the value of the +# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided +# by doxygen. Whatever the program writes to standard output is used as the file +# version. For an example see the documentation. + +FILE_VERSION_FILTER = + +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. To create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. You can +# optionally specify a file name after the option, if omitted DoxygenLayout.xml +# will be used as the name of the layout file. +# +# Note that if you run doxygen from a directory containing a file called +# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE +# tag is left empty. + +LAYOUT_FILE = + +# The CITE_BIB_FILES tag can be used to specify one or more bib files containing +# the reference definitions. This must be a list of .bib files. The .bib +# extension is automatically appended if omitted. This requires the bibtex tool +# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. +# For LaTeX the style of the bibliography can be controlled using +# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the +# search path. See also \cite for info how to create references. + +CITE_BIB_FILES = + +#--------------------------------------------------------------------------- +# Configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated to +# standard output by doxygen. If QUIET is set to YES this implies that the +# messages are off. +# The default value is: NO. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES +# this implies that the warnings are on. +# +# Tip: Turn warnings on while writing the documentation. +# The default value is: YES. + +WARNINGS = YES + +# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate +# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag +# will automatically be disabled. +# The default value is: YES. + +WARN_IF_UNDOCUMENTED = YES + +# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some parameters +# in a documented function, or documenting parameters that don't exist or using +# markup commands wrongly. +# The default value is: YES. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that +# are documented, but have no documentation for their parameters or return +# value. If set to NO, doxygen will only warn about wrong or incomplete +# parameter documentation, but not about the absence of documentation. +# The default value is: NO. + +WARN_NO_PARAMDOC = NO + +# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when +# a warning is encountered. +# The default value is: NO. + +WARN_AS_ERROR = NO + +# The WARN_FORMAT tag determines the format of the warning messages that doxygen +# can produce. The string should contain the $file, $line, and $text tags, which +# will be replaced by the file and line number from which the warning originated +# and the warning text. Optionally the format may contain $version, which will +# be replaced by the version of the file (if it could be obtained via +# FILE_VERSION_FILTER) +# The default value is: $file:$line: $text. + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning and error +# messages should be written. If left blank the output is written to standard +# error (stderr). + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# Configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag is used to specify the files and/or directories that contain +# documented source files. You may enter file names like myfile.cpp or +# directories like /usr/src/myproject. Separate the files or directories with +# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING +# Note: If this tag is empty the current directory is searched. + +INPUT = include README.md + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses +# libiconv (or the iconv built into libc) for the transcoding. See the libiconv +# documentation (see: http://www.gnu.org/software/libiconv) for the list of +# possible encodings. +# The default value is: UTF-8. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and +# *.h) to filter out the source-files in the directories. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# read by doxygen. +# +# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, +# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, +# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, +# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, +# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf and *.qsf. + +FILE_PATTERNS = *.c \ + *.cc \ + *.cxx \ + *.cpp \ + *.c++ \ + *.java \ + *.ii \ + *.ixx \ + *.ipp \ + *.i++ \ + *.inl \ + *.idl \ + *.ddl \ + *.odl \ + *.h \ + *.hh \ + *.hxx \ + *.hpp \ + *.h++ \ + *.cs \ + *.d \ + *.php \ + *.php4 \ + *.php5 \ + *.phtml \ + *.inc \ + *.m \ + *.markdown \ + *.md \ + *.mm \ + *.dox \ + *.py \ + *.pyw \ + *.f90 \ + *.f95 \ + *.f03 \ + *.f08 \ + *.f \ + *.for \ + *.tcl \ + *.vhd \ + *.vhdl \ + *.ucf \ + *.qsf + +# The RECURSIVE tag can be used to specify whether or not subdirectories should +# be searched for input files as well. +# The default value is: NO. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should be +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. +# +# Note that relative paths are relative to the directory from which doxygen is +# run. + +EXCLUDE = include/jwt-cpp/picojson.h + +# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or +# directories that are symbolic links (a Unix file system feature) are excluded +# from the input. +# The default value is: NO. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories use the pattern */test/* + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or directories +# that contain example code fragments that are included (see the \include +# command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and +# *.h) to filter out the source-files in the directories. If left blank all +# files are included. + +EXAMPLE_PATTERNS = * + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude commands +# irrespective of the value of the RECURSIVE tag. +# The default value is: NO. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or directories +# that contain images that are to be included in the documentation (see the +# \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command: +# +# +# +# where is the value of the INPUT_FILTER tag, and is the +# name of an input file. Doxygen will then use the output that the filter +# program writes to standard output. If FILTER_PATTERNS is specified, this tag +# will be ignored. +# +# Note that the filter must not add or remove lines; it is applied before the +# code is scanned, but not when the output code is generated. If lines are added +# or removed, the anchors will not be placed correctly. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# properly processed by doxygen. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: pattern=filter +# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how +# filters are used. If the FILTER_PATTERNS tag is empty or if none of the +# patterns match the file name, INPUT_FILTER is applied. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# properly processed by doxygen. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will also be used to filter the input files that are used for +# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). +# The default value is: NO. + +FILTER_SOURCE_FILES = NO + +# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file +# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and +# it is also possible to disable source filtering for a specific pattern using +# *.ext= (so without naming a filter). +# This tag requires that the tag FILTER_SOURCE_FILES is set to YES. + +FILTER_SOURCE_PATTERNS = + +# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that +# is part of the input, its contents will be placed on the main page +# (index.html). This can be useful if you have a project on for instance GitHub +# and want to reuse the introduction page also for the doxygen output. + +USE_MDFILE_AS_MAINPAGE = README.md + +#--------------------------------------------------------------------------- +# Configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will be +# generated. Documented entities will be cross-referenced with these sources. +# +# Note: To get rid of all source code in the generated output, make sure that +# also VERBATIM_HEADERS is set to NO. +# The default value is: NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body of functions, +# classes and enums directly into the documentation. +# The default value is: NO. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any +# special comment blocks from generated source code fragments. Normal C, C++ and +# Fortran comments will always remain visible. +# The default value is: YES. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES then for each documented +# function all documented functions referencing it will be listed. +# The default value is: NO. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES then for each documented function +# all documented entities called/used by that function will be listed. +# The default value is: NO. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set +# to YES then the hyperlinks from functions in REFERENCES_RELATION and +# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will +# link to the documentation. +# The default value is: YES. + +REFERENCES_LINK_SOURCE = YES + +# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the +# source code will show a tooltip with additional information such as prototype, +# brief description and links to the definition and documentation. Since this +# will make the HTML file larger and loading of large files a bit slower, you +# can opt to disable this feature. +# The default value is: YES. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +SOURCE_TOOLTIPS = YES + +# If the USE_HTAGS tag is set to YES then the references to source code will +# point to the HTML generated by the htags(1) tool instead of doxygen built-in +# source browser. The htags tool is part of GNU's global source tagging system +# (see http://www.gnu.org/software/global/global.html). You will need version +# 4.8.6 or higher. +# +# To use it do the following: +# - Install the latest version of global +# - Enable SOURCE_BROWSER and USE_HTAGS in the config file +# - Make sure the INPUT points to the root of the source tree +# - Run doxygen as normal +# +# Doxygen will invoke htags (and that will in turn invoke gtags), so these +# tools must be available from the command line (i.e. in the search path). +# +# The result: instead of the source browser generated by doxygen, the links to +# source code will now point to the output of htags. +# The default value is: NO. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a +# verbatim copy of the header file for each class for which an include is +# specified. Set to NO to disable this. +# See also: Section \class. +# The default value is: YES. + +VERBATIM_HEADERS = YES + +# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the +# clang parser (see: http://clang.llvm.org/) for more accurate parsing at the +# cost of reduced performance. This can be particularly helpful with template +# rich C++ code for which doxygen's built-in parser lacks the necessary type +# information. +# Note: The availability of this option depends on whether or not doxygen was +# generated with the -Duse-libclang=ON option for CMake. +# The default value is: NO. + +CLANG_ASSISTED_PARSING = NO + +# If clang assisted parsing is enabled you can provide the compiler with command +# line options that you would normally use when invoking the compiler. Note that +# the include paths will already be set by doxygen for the files and directories +# specified with INPUT and INCLUDE_PATH. +# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. + +CLANG_OPTIONS = + +#--------------------------------------------------------------------------- +# Configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all +# compounds will be generated. Enable this if the project contains a lot of +# classes, structs, unions or interfaces. +# The default value is: YES. + +ALPHABETICAL_INDEX = YES + +# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in +# which the alphabetical index list will be split. +# Minimum value: 1, maximum value: 20, default value: 5. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all classes will +# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag +# can be used to specify a prefix (or a list of prefixes) that should be ignored +# while generating the index headers. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output +# The default value is: YES. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a +# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of +# it. +# The default directory is: html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each +# generated HTML page (for example: .htm, .php, .asp). +# The default value is: .html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a user-defined HTML header file for +# each generated HTML page. If the tag is left blank doxygen will generate a +# standard header. +# +# To get valid HTML the header file that includes any scripts and style sheets +# that doxygen needs, which is dependent on the configuration options used (e.g. +# the setting GENERATE_TREEVIEW). It is highly recommended to start with a +# default header using +# doxygen -w html new_header.html new_footer.html new_stylesheet.css +# YourConfigFile +# and then modify the file new_header.html. See also section "Doxygen usage" +# for information on how to generate the default header that doxygen normally +# uses. +# Note: The header is subject to change so you typically have to regenerate the +# default header when upgrading to a newer version of doxygen. For a description +# of the possible markers and block names see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each +# generated HTML page. If the tag is left blank doxygen will generate a standard +# footer. See HTML_HEADER for more information on how to generate a default +# footer and what special commands can be used inside the footer. See also +# section "Doxygen usage" for information on how to generate the default footer +# that doxygen normally uses. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style +# sheet that is used by each HTML page. It can be used to fine-tune the look of +# the HTML output. If left blank doxygen will generate a default style sheet. +# See also section "Doxygen usage" for information on how to generate the style +# sheet that doxygen normally uses. +# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as +# it is more robust and this tag (HTML_STYLESHEET) will in the future become +# obsolete. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_STYLESHEET = + +# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined +# cascading style sheets that are included after the standard style sheets +# created by doxygen. Using this option one can overrule certain style aspects. +# This is preferred over using HTML_STYLESHEET since it does not replace the +# standard style sheet and is therefore more robust against future updates. +# Doxygen will copy the style sheet files to the output directory. +# Note: The order of the extra style sheet files is of importance (e.g. the last +# style sheet in the list overrules the setting of the previous ones in the +# list). For an example see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_STYLESHEET = + +# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or +# other source files which should be copied to the HTML output directory. Note +# that these files will be copied to the base HTML output directory. Use the +# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these +# files. In the HTML_STYLESHEET file, use the file name only. Also note that the +# files will be copied as-is; there are no commands or markers available. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_FILES = + +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen +# will adjust the colors in the style sheet and background images according to +# this color. Hue is specified as an angle on a colorwheel, see +# http://en.wikipedia.org/wiki/Hue for more information. For instance the value +# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 +# purple, and 360 is red again. +# Minimum value: 0, maximum value: 359, default value: 220. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors +# in the HTML output. For a value of 0 the output will use grayscales only. A +# value of 255 will produce the most vivid colors. +# Minimum value: 0, maximum value: 255, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the +# luminance component of the colors in the HTML output. Values below 100 +# gradually make the output lighter, whereas values above 100 make the output +# darker. The value divided by 100 is the actual gamma applied, so 80 represents +# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not +# change the gamma. +# Minimum value: 40, maximum value: 240, default value: 80. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting this +# to YES can help to show when doxygen was last run and thus if the +# documentation is up to date. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_TIMESTAMP = NO + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_DYNAMIC_SECTIONS = NO + +# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries +# shown in the various tree structured indices initially; the user can expand +# and collapse entries dynamically later on. Doxygen will expand the tree to +# such a level that at most the specified number of entries are visible (unless +# a fully collapsed tree already exceeds this amount). So setting the number of +# entries 1 will produce a full collapsed tree by default. 0 is a special value +# representing an infinite number of entries and will result in a full expanded +# tree by default. +# Minimum value: 0, maximum value: 9999, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_INDEX_NUM_ENTRIES = 100 + +# If the GENERATE_DOCSET tag is set to YES, additional index files will be +# generated that can be used as input for Apple's Xcode 3 integrated development +# environment (see: http://developer.apple.com/tools/xcode/), introduced with +# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a +# Makefile in the HTML output directory. Running make will produce the docset in +# that directory and running make install will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at +# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html +# for more information. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_DOCSET = NO + +# This tag determines the name of the docset feed. A documentation feed provides +# an umbrella under which multiple documentation sets from a single provider +# (such as a company or product suite) can be grouped. +# The default value is: Doxygen generated docs. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# This tag specifies a string that should uniquely identify the documentation +# set bundle. This should be a reverse domain-name style string, e.g. +# com.mycompany.MyDocSet. Doxygen will append .docset to the name. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify +# the documentation publisher. This should be a reverse domain-name style +# string, e.g. com.mycompany.MyDocSet.documentation. +# The default value is: org.doxygen.Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. +# The default value is: Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three +# additional HTML index files: index.hhp, index.hhc, and index.hhk. The +# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop +# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on +# Windows. +# +# The HTML Help Workshop contains a compiler that can convert all HTML output +# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML +# files are now used as the Windows 98 help format, and will replace the old +# Windows help format (.hlp) on all Windows platforms in the future. Compressed +# HTML files also contain an index, a table of contents, and you can search for +# words in the documentation. The HTML workshop also contains a viewer for +# compressed HTML files. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_HTMLHELP = NO + +# The CHM_FILE tag can be used to specify the file name of the resulting .chm +# file. You can add a path in front of the file if the result should not be +# written to the html output directory. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_FILE = + +# The HHC_LOCATION tag can be used to specify the location (absolute path +# including file name) of the HTML help compiler (hhc.exe). If non-empty, +# doxygen will try to run the HTML help compiler on the generated index.hhp. +# The file has to be specified with full path. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +HHC_LOCATION = + +# The GENERATE_CHI flag controls if a separate .chi index file is generated +# (YES) or that it should be included in the master .chm file (NO). +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +GENERATE_CHI = NO + +# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) +# and project file content. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_INDEX_ENCODING = + +# The BINARY_TOC flag controls whether a binary table of contents is generated +# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it +# enables the Previous and Next buttons. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members to +# the table of contents of the HTML help documentation and to the tree view. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +TOC_EXPAND = NO + +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that +# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help +# (.qch) of the generated HTML documentation. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify +# the file name of the resulting .qch file. The path specified is relative to +# the HTML output folder. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help +# Project output. For more information please see Qt Help Project / Namespace +# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt +# Help Project output. For more information please see Qt Help Project / Virtual +# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- +# folders). +# The default value is: doc. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_VIRTUAL_FOLDER = doc + +# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom +# filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's filter section matches. Qt Help Project / Filter Attributes (see: +# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_SECT_FILTER_ATTRS = + +# The QHG_LOCATION tag can be used to specify the location of Qt's +# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the +# generated .qhp file. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be +# generated, together with the HTML files, they form an Eclipse help plugin. To +# install this plugin and make it available under the help contents menu in +# Eclipse, the contents of the directory containing the HTML and XML files needs +# to be copied into the plugins directory of eclipse. The name of the directory +# within the plugins directory should be the same as the ECLIPSE_DOC_ID value. +# After copying Eclipse needs to be restarted before the help appears. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the Eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have this +# name. Each documentation set should have its own identifier. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. + +ECLIPSE_DOC_ID = org.doxygen.Project + +# If you want full control over the layout of the generated HTML pages it might +# be necessary to disable the index and replace it with your own. The +# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top +# of each HTML page. A value of NO enables the index and the value YES disables +# it. Since the tabs in the index contain the same information as the navigation +# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +DISABLE_INDEX = NO + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. If the tag +# value is set to YES, a side panel will be generated containing a tree-like +# index structure (just like the one that is generated for HTML Help). For this +# to work a browser that supports JavaScript, DHTML, CSS and frames is required +# (i.e. any modern browser). Windows users are probably better off using the +# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can +# further fine-tune the look of the index. As an example, the default style +# sheet generated by doxygen has an example that shows how to put an image at +# the root of the tree instead of the PROJECT_NAME. Since the tree basically has +# the same information as the tab index, you could consider setting +# DISABLE_INDEX to YES when enabling this option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_TREEVIEW = NO + +# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that +# doxygen will group on one line in the generated HTML documentation. +# +# Note that a value of 0 will completely suppress the enum values from appearing +# in the overview section. +# Minimum value: 0, maximum value: 20, default value: 4. +# This tag requires that the tag GENERATE_HTML is set to YES. + +ENUM_VALUES_PER_LINE = 4 + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used +# to set the initial width (in pixels) of the frame in which the tree is shown. +# Minimum value: 0, maximum value: 1500, default value: 250. +# This tag requires that the tag GENERATE_HTML is set to YES. + +TREEVIEW_WIDTH = 250 + +# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to +# external symbols imported via tag files in a separate window. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +EXT_LINKS_IN_WINDOW = NO + +# Use this tag to change the font size of LaTeX formulas included as images in +# the HTML documentation. When you change the font size after a successful +# doxygen run you need to manually remove any form_*.png images from the HTML +# output directory to force them to be regenerated. +# Minimum value: 8, maximum value: 50, default value: 10. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_FONTSIZE = 10 + +# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are not +# supported properly for IE 6.0, but are supported on all modern browsers. +# +# Note that when changing this option you need to delete any form_*.png files in +# the HTML output directory before the changes have effect. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_TRANSPARENT = YES + +# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see +# http://www.mathjax.org) which uses client side Javascript for the rendering +# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX +# installed or if you want to formulas look prettier in the HTML output. When +# enabled you may also need to install MathJax separately and configure the path +# to it using the MATHJAX_RELPATH option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +USE_MATHJAX = NO + +# When MathJax is enabled you can set the default output format to be used for +# the MathJax output. See the MathJax site (see: +# http://docs.mathjax.org/en/latest/output.html) for more details. +# Possible values are: HTML-CSS (which is slower, but has the best +# compatibility), NativeMML (i.e. MathML) and SVG. +# The default value is: HTML-CSS. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_FORMAT = HTML-CSS + +# When MathJax is enabled you need to specify the location relative to the HTML +# output directory using the MATHJAX_RELPATH option. The destination directory +# should contain the MathJax.js script. For instance, if the mathjax directory +# is located at the same level as the HTML output directory, then +# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax +# Content Delivery Network so you can quickly see the result without installing +# MathJax. However, it is strongly recommended to install a local copy of +# MathJax from http://www.mathjax.org before deployment. +# The default value is: http://cdn.mathjax.org/mathjax/latest. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest + +# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax +# extension names that should be enabled during MathJax rendering. For example +# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_EXTENSIONS = + +# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces +# of code that will be used on startup of the MathJax code. See the MathJax site +# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an +# example see the documentation. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_CODEFILE = + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box for +# the HTML output. The underlying search engine uses javascript and DHTML and +# should work on any modern browser. Note that when using HTML help +# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) +# there is already a search function so this one should typically be disabled. +# For large projects the javascript based search engine can be slow, then +# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to +# search using the keyboard; to jump to the search box use + S +# (what the is depends on the OS and browser, but it is typically +# , /
+ + +
From 9a353d0b6d23a6d8306040f61a2d1af0a93d40ac Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 11:44:21 -0400 Subject: [PATCH 221/360] don't set frame size --- src/zm_videostore.cpp | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index ed4365cc5..0e34418f1 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -285,8 +285,8 @@ VideoStore::VideoStore( video_last_pts = 0; video_last_dts = 0; - video_first_pts = 0; - video_first_dts = 0; + audio_first_pts = 0; + audio_first_dts = 0; audio_next_pts = 0; audio_next_dts = 0; @@ -371,8 +371,6 @@ VideoStore::VideoStore( audio_out_ctx->codec_tag = 0; #endif - audio_out_ctx->frame_size = audio_in_ctx->frame_size; - if ( audio_out_ctx->channels > 1 ) { Warning("Audio isn't mono, changing it."); audio_out_ctx->channels = 1; @@ -1019,7 +1017,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { Debug(1, "No video_first_pts setting to %" PRId64, audio_first_pts); out_frame->pts = 0; } else { - out_frame->pts = out_frame->pts - video_first_pts; + out_frame->pts = out_frame->pts - audio_first_pts; zm_dump_frame(out_frame, "Out frame after pts adjustment"); } // @@ -1102,7 +1100,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", - opkt.pts, ipkt->pts, video_first_pts); + opkt.pts, ipkt->pts, audio_first_pts); } } else { Debug(2, "opkt.pts = undef"); @@ -1120,16 +1118,16 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { opkt.dts = audio_next_dts + av_rescale_q( audio_in_stream->cur_dts - audio_last_dts, AV_TIME_BASE_Q, audio_out_stream->time_base); } #endif - if ( !video_first_dts ) { + if ( !audio_first_dts ) { opkt.dts = 0; - video_first_dts = ipkt->dts; + audio_first_dts = ipkt->dts; } else { opkt.dts = av_rescale_q( ipkt->dts - audio_first_dts, audio_in_stream->time_base, audio_out_stream->time_base); Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", - opkt.dts, ipkt->dts, video_first_dts); + opkt.dts, ipkt->dts, audio_first_dts); } audio_last_dts = ipkt->dts; } else { From 46c19c7efbf74a708da04c2eb03625ee376b215f Mon Sep 17 00:00:00 2001 From: Tom Hodder Date: Mon, 24 Jun 2019 16:45:40 +0100 Subject: [PATCH 222/360] fix for zone overlay scaling issues in montage (#2643) * remove extra px in svg tag * add js method to track liveStream img size for zones * switch to using SVG scaling to deal with zone polygons * update jsdoc for eslint * fix blank lines eslint issue --- web/skins/classic/views/js/montage.js | 26 ++++++++++++-------------- web/skins/classic/views/montage.php | 4 ++-- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/web/skins/classic/views/js/montage.js b/web/skins/classic/views/js/montage.js index 23d2f32ec..1599e0dd7 100644 --- a/web/skins/classic/views/js/montage.js +++ b/web/skins/classic/views/js/montage.js @@ -204,7 +204,13 @@ function Monitor(monitorData) { } } // end function Monitor +/** + * called when the layoutControl select element is changed, or the page + * is rendered + * @param {*} element - the event data passed by onchange callback + */ function selectLayout(element) { + console.dir(element); layout = $j(element).val(); if ( layout_id = parseInt(layout) ) { @@ -266,14 +272,13 @@ function selectLayout(element) { } streamImg.style.width = '100%'; } - var zonesSVG = $('zones'+monitor.id); - if ( zonesSVG ) { - zonesSVG.style.width = ''; - } } // end foreach monitor } } // end function selectLayout(element) +/** + * called when the widthControl|heightControl select elements are changed + */ function changeSize() { var width = $('width').get('value'); var height = $('height').get('value'); @@ -309,11 +314,6 @@ function changeSize() { streamImg.style.height = height ? height : null; //streamImg.style.height = ''; } - var zonesSVG = $('zones'+monitor.id); - if ( zonesSVG ) { - zonesSVG.style.width = width ? width : '100%'; - zonesSVG.style.height = height; - } } $('scale').set('value', ''); Cookie.write('zmMontageScale', '', {duration: 10*365}); @@ -322,6 +322,9 @@ function changeSize() { selectLayout('#zmMontageLayout'); } // end function changeSize() +/** + * called when the scaleControl select element is changed + */ function changeScale() { var scale = $('scale').get('value'); $('width').set('value', 'auto'); @@ -367,11 +370,6 @@ function changeScale() { streamImg.style.width = newWidth + "px"; streamImg.style.height = newHeight + "px"; } - var zonesSVG = $('zones'+monitor.id); - if ( zonesSVG ) { - zonesSVG.style.width = newWidth + "px"; - zonesSVG.style.height = newHeight + "px"; - } } } diff --git a/web/skins/classic/views/montage.php b/web/skins/classic/views/montage.php index 6527a6e8f..d8bd27ae6 100644 --- a/web/skins/classic/views/montage.php +++ b/web/skins/classic/views/montage.php @@ -43,6 +43,7 @@ $widths = array( $heights = array( 'auto' => 'auto', '240px' => '240px', + '320px' => '320px', '480px' => '480px', '720px' => '720px', '1080px' => '1080px', @@ -256,7 +257,6 @@ foreach ( $monitors as $monitor ) { if ( $scale ) { limitPoints($row['Points'], 0, 0, $monitor->Width(), $monitor->Height()); - scalePoints($row['Points'], $scale); } else { limitPoints($row['Points'], 0, 0, ( $width ? $width-1 : $monitor->Width()-1 ), @@ -269,7 +269,7 @@ foreach ( $monitors as $monitor ) { } // end foreach Zone ?> - + '; From 1815bf18a988adfe0279a687ac84379b9cf81a3d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 11:50:58 -0400 Subject: [PATCH 223/360] Add support for specifying PPA --- utils/do_debian_package.sh | 48 +++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index a825d0b62..ba6bd198b 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -23,6 +23,10 @@ case $i in INTERACTIVE="${i#*=}" shift # past argument=value ;; + -p=*|--ppa=*) + PPA="${i#*=}" + shift # past argument=value + ;; -r=*|--release=*) RELEASE="${i#*=}" shift @@ -108,6 +112,23 @@ else fi; fi +if [ "$PPA" == "" ]; then + if [ "$RELEASE" != "" ]; then + # We need to use our official tarball for the original source, so grab it and overwrite our generated one. + IFS='.' read -r -a VERSION <<< "$RELEASE" + if [ "${VERSION[0]}.${VERSION[1]}" == "1.30" ]; then + PPA="ppa:iconnor/zoneminder-stable" + else + PPA="ppa:iconnor/zoneminder-${VERSION[0]}.${VERSION[1]}" + fi; + else + if [ "$BRANCH" == "" ]; then + PPA="ppa:iconnor/zoneminder-master"; + else + PPA="ppa:iconnor/zoneminder-$BRANCH"; + fi; + fi; +fi; # Instead of cloning from github each time, if we have a fork lying around, update it and pull from there instead. if [ ! -d "${GITHUB_FORK}_zoneminder_release" ]; then @@ -261,9 +282,9 @@ if [ $TYPE == "binary" ]; then if [ "$INTERACTIVE" != "no" ]; then read -p "Not doing dput since it's a binary release. Do you want to install it? (Y/N)" if [[ $REPLY == [yY] ]]; then - sudo dpkg -i $DIRECTORY*.deb + sudo dpkg -i $DIRECTORY*.deb else - echo $REPLY; + echo $REPLY; fi; if [ "$DISTRO" == "jessie" ]; then read -p "Do you want to upload this binary to zmrepo? (y/N)" @@ -282,25 +303,14 @@ if [ $TYPE == "binary" ]; then fi; else SC="zoneminder_${VERSION}-${DISTRO}${PACKAGE_VERSION}_source.changes"; - PPA=""; - if [ "$RELEASE" != "" ]; then - PPA="ppa:iconnor/zoneminder"; - else - if [ "$BRANCH" == "" ]; then - PPA="ppa:iconnor/zoneminder-master"; - else - PPA="ppa:iconnor/zoneminder-$BRANCH"; - fi; - fi; - dput="Y"; if [ "$INTERACTIVE" != "no" ]; then - echo "Ready to dput $SC to $PPA ? Y/N..."; - read dput - fi - if [ "$dput" == [Yy] ]; then + read -p "Ready to dput $SC to $PPA ? Y/N..."; + if [[ "$REPLY" == [yY] ]]; then + dput $PPA $SC + fi; + else + echo "dputting to $PPA"; dput $PPA $SC fi; fi; - - From 7914583a9e982a7623aea7f0c01bf02481ac07e7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 11:50:58 -0400 Subject: [PATCH 224/360] Add support for specifying PPA --- utils/do_debian_package.sh | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index 0b9e18ee7..fc1eaaeff 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -30,6 +30,10 @@ case $i in INTERACTIVE="${i#*=}" shift # past argument=value ;; + -p=*|--ppa=*) + PPA="${i#*=}" + shift # past argument=value + ;; -r=*|--release=*) RELEASE="${i#*=}" shift @@ -120,20 +124,21 @@ else fi; fi -PPA=""; -if [ "$RELEASE" != "" ]; then - # We need to use our official tarball for the original source, so grab it and overwrite our generated one. - IFS='.' read -r -a VERSION <<< "$RELEASE" - if [ "${VERSION[0]}.${VERSION[1]}" == "1.30" ]; then - PPA="ppa:iconnor/zoneminder-stable" +if [ "$PPA" == "" ]; then + if [ "$RELEASE" != "" ]; then + # We need to use our official tarball for the original source, so grab it and overwrite our generated one. + IFS='.' read -r -a VERSION <<< "$RELEASE" + if [ "${VERSION[0]}.${VERSION[1]}" == "1.30" ]; then + PPA="ppa:iconnor/zoneminder-stable" + else + PPA="ppa:iconnor/zoneminder-${VERSION[0]}.${VERSION[1]}" + fi; else - PPA="ppa:iconnor/zoneminder-${VERSION[0]}.${VERSION[1]}" - fi; -else - if [ "$BRANCH" == "" ]; then - PPA="ppa:iconnor/zoneminder-master"; - else - PPA="ppa:iconnor/zoneminder-$BRANCH"; + if [ "$BRANCH" == "" ]; then + PPA="ppa:iconnor/zoneminder-master"; + else + PPA="ppa:iconnor/zoneminder-$BRANCH"; + fi; fi; fi; @@ -327,6 +332,7 @@ EOF dput $PPA $SC fi; else + echo "dputting to $PPA"; dput $PPA $SC fi; fi; From ee19322e11fdb89ed83cb9121c70a6dfe51d01e9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 11:57:52 -0400 Subject: [PATCH 225/360] update do_debian_package from storageareas --- utils/do_debian_package.sh | 277 +++++++++++++++++++++---------------- 1 file changed, 155 insertions(+), 122 deletions(-) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index ba6bd198b..fc1eaaeff 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -8,6 +8,13 @@ exit; fi +DEBUILD=`which debuild`; + +if [ "$DEBUILD" == "" ]; then + echo "You must install the devscripts package. Try sudo apt-get install devscripts"; + exit; +fi + for i in "$@" do case $i in @@ -16,7 +23,7 @@ case $i in shift # past argument=value ;; -d=*|--distro=*) - DISTRO="${i#*=}" + DISTROS="${i#*=}" shift # past argument=value ;; -i=*|--interactive=*) @@ -71,11 +78,15 @@ else echo "Doing $TYPE build" fi; -if [ "$DISTRO" == "" ]; then - DISTRO=`lsb_release -a 2>/dev/null | grep Codename | awk '{print $2}'`; - echo "Defaulting to $DISTRO for distribution"; +if [ "$DISTROS" == "" ]; then + if [ "$RELEASE" != "" ]; then + DISTROS="xenial,bionic,cosmic,disco,trusty" + else + DISTROS=`lsb_release -a 2>/dev/null | grep Codename | awk '{print $2}'`; + fi; + echo "Defaulting to $DISTROS for distribution"; else - echo "Building for $DISTRO"; + echo "Building for $DISTROS"; fi; # Release is a special mode... it uploads to the release ppa and cannot have a snapshot @@ -90,7 +101,8 @@ if [ "$RELEASE" != "" ]; then else GITHUB_FORK="ZoneMinder"; fi - BRANCH="release-$RELEASE" + # We use a tag instead of a branch atm. + BRANCH=$RELEASE else if [ "$GITHUB_FORK" == "" ]; then echo "Defaulting to ZoneMinder upstream git" @@ -167,6 +179,11 @@ if [ "$SNAPSHOT" != "stable" ] && [ "$SNAPSHOT" != "" ]; then fi; DIRECTORY="zoneminder_$VERSION"; +if [ -d "$DIRECTORY.orig" ]; then + echo "$DIRECTORY.orig already exists. Please delete it." + exit 0; +fi; + echo "Doing $TYPE release $DIRECTORY"; mv "${GITHUB_FORK}_zoneminder_release" "$DIRECTORY.orig"; if [ $? -ne 0 ]; then @@ -174,102 +191,153 @@ if [ $? -ne 0 ]; then echo "Setting up build dir failed."; exit $?; fi; + cd "$DIRECTORY.orig"; +# Init submodules git submodule init git submodule update --init --recursive -if [ "$DISTRO" == "trusty" ] || [ "$DISTRO" == "precise" ]; then - mv distros/ubuntu1204 debian -else - if [ "$DISTRO" == "wheezy" ]; then - mv distros/debian debian - else - mv distros/ubuntu1604 debian - fi; -fi; - -if [ "$DEBEMAIL" != "" ] && [ "$DEBFULLNAME" != "" ]; then - AUTHOR="$DEBFULLNAME <$DEBEMAIL>" -else - if [ -z `hostname -d` ] ; then - AUTHOR="`getent passwd $USER | cut -d ':' -f 5 | cut -d ',' -f 1` <`whoami`@`hostname`.local>" - else - AUTHOR="`getent passwd $USER | cut -d ':' -f 5 | cut -d ',' -f 1` <`whoami`@`hostname`>" - fi -fi - -if [ "$URGENCY" = "" ]; then - URGENCY="medium" -fi; - -if [ "$SNAPSHOT" == "stable" ]; then -cat < debian/changelog -zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY - - * Release $VERSION - - -- $AUTHOR $DATE - -EOF -cat < debian/NEWS -zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY - - * Release $VERSION - - -- $AUTHOR $DATE -EOF -else -cat < debian/changelog -zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY - - * - - -- $AUTHOR $DATE -EOF -cat < debian/changelog -zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY - - * - - -- $AUTHOR $DATE -EOF -fi; +# Cleanup rm -rf .git rm .gitignore cd ../ -tar zcf $DIRECTORY.orig.tar.gz $DIRECTORY.orig -cd $DIRECTORY.orig -if [ $TYPE == "binary" ]; then - # Auto-install all ZoneMinder's depedencies using the Debian control file - sudo apt-get install devscripts equivs - sudo mk-build-deps -ir ./debian/control - echo "Status: $?" - DEBUILD=debuild -else - if [ $TYPE == "local" ]; then +if [ ! -e "$DIRECTORY.orig.tar.gz" ]; then + tar zcf $DIRECTORY.orig.tar.gz $DIRECTORY.orig +fi; + +IFS=',' ;for DISTRO in `echo "$DISTROS"`; do + echo "Generating package for $DISTRO"; + cd $DIRECTORY.orig + + if [ -e "debian" ]; then + rm -rf debian + fi; + + # Generate Changlog + if [ "$DISTRO" == "trusty" ] || [ "$DISTRO" == "precise" ]; then + cp -Rpd distros/ubuntu1204 debian + else + if [ "$DISTRO" == "wheezy" ]; then + cp -Rpd distros/debian debian + else + cp -Rpd distros/ubuntu1604 debian + fi; + fi; + + if [ "$DEBEMAIL" != "" ] && [ "$DEBFULLNAME" != "" ]; then + AUTHOR="$DEBFULLNAME <$DEBEMAIL>" + else + if [ -z `hostname -d` ] ; then + AUTHOR="`getent passwd $USER | cut -d ':' -f 5 | cut -d ',' -f 1` <`whoami`@`hostname`.local>" + else + AUTHOR="`getent passwd $USER | cut -d ':' -f 5 | cut -d ',' -f 1` <`whoami`@`hostname`>" + fi + fi + + if [ "$URGENCY" = "" ]; then + URGENCY="medium" + fi; + + if [ "$SNAPSHOT" == "stable" ]; then + cat < debian/changelog +zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY + + * Release $VERSION + + -- $AUTHOR $DATE + +EOF + cat < debian/NEWS +zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY + + * Release $VERSION + + -- $AUTHOR $DATE +EOF + else + cat < debian/changelog +zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY + + * + + -- $AUTHOR $DATE +EOF + cat < debian/changelog +zoneminder ($VERSION-$DISTRO${PACKAGE_VERSION}) $DISTRO; urgency=$URGENCY + + * + + -- $AUTHOR $DATE +EOF + fi; + + if [ $TYPE == "binary" ]; then # Auto-install all ZoneMinder's depedencies using the Debian control file sudo apt-get install devscripts equivs sudo mk-build-deps -ir ./debian/control echo "Status: $?" - DEBUILD="debuild -i -us -uc -b" - else - # Source build, don't need build depends. - DEBUILD="debuild -S -sa" + DEBUILD=debuild + else + if [ $TYPE == "local" ]; then + # Auto-install all ZoneMinder's depedencies using the Debian control file + sudo apt-get install devscripts equivs + sudo mk-build-deps -ir ./debian/control + echo "Status: $?" + DEBUILD="debuild -i -us -uc -b" + else + # Source build, don't need build depends. + DEBUILD="debuild -S -sa" + fi; + fi; + if [ "$DEBSIGN_KEYID" != "" ]; then + DEBUILD="$DEBUILD -k$DEBSIGN_KEYID" + fi + eval $DEBUILD + if [ $? -ne 0 ]; then + echo "Error status code is: $?" + echo "Build failed."; + exit $?; fi; -fi; -if [ "$DEBSIGN_KEYID" != "" ]; then - DEBUILD="$DEBUILD -k$DEBSIGN_KEYID" -fi -$DEBUILD -if [ $? -ne 0 ]; then -echo "Error status code is: $?" - echo "Build failed."; - exit $?; -fi; -cd ../ + cd ../ + + if [ $TYPE == "binary" ]; then + if [ "$INTERACTIVE" != "no" ]; then + read -p "Not doing dput since it's a binary release. Do you want to install it? (y/N)" + if [[ $REPLY == [yY] ]]; then + sudo dpkg -i $DIRECTORY*.deb + fi; + read -p "Do you want to upload this binary to zmrepo? (y/N)" + if [[ $REPLY == [yY] ]]; then + if [ "$RELEASE" != "" ]; then + scp "zoneminder_${VERSION}-${DISTRO}"* "zoneminder-doc_${VERSION}-${DISTRO}"* "zoneminder-dbg_${VERSION}-${DISTRO}"* "zoneminder_${VERSION}.orig.tar.gz" "zmrepo@zmrepo.connortechnology.com:debian/stable/mini-dinstall/incoming/" + else + if [ "$BRANCH" == "" ]; then + scp "zoneminder_${VERSION}-${DISTRO}"* "zoneminder-doc_${VERSION}-${DISTRO}"* "zoneminder-dbg_${VERSION}-${DISTRO}"* "zoneminder_${VERSION}.orig.tar.gz" "zmrepo@zmrepo.connortechnology.com:debian/master/mini-dinstall/incoming/" + else + scp "$DIRECTORY-${DISTRO}"* "zoneminder-doc_${VERSION}-${DISTRO}"* "zoneminder-dbg_${VERSION}-${DISTRO}"* "zoneminder_${VERSION}.orig.tar.gz" "zmrepo@zmrepo.connortechnology.com:debian/${BRANCH}/mini-dinstall/incoming/" + fi; + fi; + fi; + fi; + else + SC="zoneminder_${VERSION}-${DISTRO}${PACKAGE_VERSION}_source.changes"; + + dput="Y"; + if [ "$INTERACTIVE" != "no" ]; then + read -p "Ready to dput $SC to $PPA ? Y/N..."; + if [[ "$REPLY" == [yY] ]]; then + dput $PPA $SC + fi; + else + echo "dputting to $PPA"; + dput $PPA $SC + fi; + fi; +done; # foreach distro + if [ "$INTERACTIVE" != "no" ]; then read -p "Do you want to keep the checked out version of Zoneminder (incase you want to modify it later) [y/N]" [[ $REPLY == [yY] ]] && { mv "$DIRECTORY.orig" zoneminder_release; echo "The checked out copy is preserved in zoneminder_release"; } || { rm -fr "$DIRECTORY.orig"; echo "The checked out copy has been deleted"; } @@ -278,39 +346,4 @@ else rm -fr "$DIRECTORY.orig"; echo "The checked out copy has been deleted"; fi -if [ $TYPE == "binary" ]; then - if [ "$INTERACTIVE" != "no" ]; then - read -p "Not doing dput since it's a binary release. Do you want to install it? (Y/N)" - if [[ $REPLY == [yY] ]]; then - sudo dpkg -i $DIRECTORY*.deb - else - echo $REPLY; - fi; - if [ "$DISTRO" == "jessie" ]; then - read -p "Do you want to upload this binary to zmrepo? (y/N)" - if [[ $REPLY == [yY] ]]; then - if [ "$RELEASE" != "" ]; then - scp "zoneminder_${VERSION}-${DISTRO}*" "zmrepo@zmrepo.connortechnology.com:debian/stable/mini-dinstall/incoming/" - else - if [ "$BRANCH" == "" ]; then - scp "zoneminder_${VERSION}-${DISTRO}*" "zmrepo@zmrepo.connortechnology.com:debian/master/mini-dinstall/incoming/" - else - scp "$DIRECTORY-${DISTRO}*" "zmrepo@zmrepo.connortechnology.com:debian/${BRANCH}/mini-dinstall/incoming/" - fi; - fi; - fi; - fi; - fi; -else - SC="zoneminder_${VERSION}-${DISTRO}${PACKAGE_VERSION}_source.changes"; - if [ "$INTERACTIVE" != "no" ]; then - read -p "Ready to dput $SC to $PPA ? Y/N..."; - if [[ "$REPLY" == [yY] ]]; then - dput $PPA $SC - fi; - else - echo "dputting to $PPA"; - dput $PPA $SC - fi; -fi; From 8cf7563ce4abbcf88dc5ebeb2c3910c76aa0b4e2 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 12:00:19 -0400 Subject: [PATCH 226/360] fix merge --- utils/do_debian_package.sh | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index ae09f98a8..7addf8362 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -124,7 +124,6 @@ else fi; fi -<<<<<<< HEAD if [ "$PPA" == "" ]; then if [ "$RELEASE" != "" ]; then # We need to use our official tarball for the original source, so grab it and overwrite our generated one. @@ -140,22 +139,6 @@ if [ "$PPA" == "" ]; then else PPA="ppa:iconnor/zoneminder-$BRANCH"; fi; -======= -PPA=""; -if [ "$RELEASE" != "" ]; then - # We need to use our official tarball for the original source, so grab it and overwrite our generated one. - IFS='.' read -r -a VERSION <<< "$RELEASE" - if [ "${VERSION[0]}.${VERSION[1]}" == "1.30" ]; then - PPA="ppa:iconnor/zoneminder-stable" - else - PPA="ppa:iconnor/zoneminder-${VERSION[0]}.${VERSION[1]}" - fi; -else - if [ "$BRANCH" == "" ]; then - PPA="ppa:iconnor/zoneminder-master"; - else - PPA="ppa:iconnor/zoneminder-$BRANCH"; ->>>>>>> acb95709e6cd8fdb9e76b3d58bc6f546fc6b1447 fi; fi; @@ -349,11 +332,8 @@ EOF dput $PPA $SC fi; else -<<<<<<< HEAD echo "dputting to $PPA"; -======= ->>>>>>> acb95709e6cd8fdb9e76b3d58bc6f546fc6b1447 - dput $PPA $SC + dput $PPA $SC fi; fi; done; # foreach distro @@ -365,5 +345,3 @@ if [ "$INTERACTIVE" != "no" ]; then else rm -fr "$DIRECTORY.orig"; echo "The checked out copy has been deleted"; fi - - From 2d80283844f905750899f630941245fe779733fa Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 13:13:46 -0400 Subject: [PATCH 227/360] simplify some logic in Analyze and prevent segfault when we close continuous event to start alarm event --- src/zm_monitor.cpp | 92 +++++++++++----------------------------------- 1 file changed, 22 insertions(+), 70 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 2e875e885..d7349eb6b 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1380,12 +1380,13 @@ bool Monitor::Analyse() { if ( trigger_data->trigger_state == TRIGGER_ON ) { score += trigger_data->trigger_score; if ( !event ) { - if ( cause.length() ) - cause += ", "; + // How could it have a length already? + //if ( cause.length() ) + //cause += ", "; cause += trigger_data->trigger_cause; } Event::StringSet noteSet; - noteSet.insert( trigger_data->trigger_text ); + noteSet.insert(trigger_data->trigger_text); noteSetMap[trigger_data->trigger_cause] = noteSet; } if ( signal_change ) { @@ -1407,7 +1408,7 @@ bool Monitor::Analyse() { cause += SIGNAL_CAUSE; } Event::StringSet noteSet; - noteSet.insert( signalText ); + noteSet.insert(signalText); noteSetMap[SIGNAL_CAUSE] = noteSet; shared_data->state = state = IDLE; shared_data->active = signal; @@ -1429,19 +1430,19 @@ bool Monitor::Analyse() { } if ( last_motion_score ) { score += last_motion_score; - if ( cause.length() ) - cause += ", "; - cause += MOTION_CAUSE; - } else { - score += last_motion_score; - } - noteSetMap[MOTION_CAUSE] = zoneSet; - } // end if motion_score - shared_data->active = signal; - } // end if signal change + if ( !event ) { + if ( cause.length() ) + cause += ", "; + cause += MOTION_CAUSE; + } + noteSetMap[MOTION_CAUSE] = zoneSet; + } // end if motion_score + //shared_data->active = signal; // unneccessary active gets set on signal change + } // end if active and doing motion detection - if ( (!signal_change) && signal) { + // Check to see if linked monitors are triggering. if ( n_linked_monitors > 0 ) { + // FIXME improve logic here bool first_link = true; Event::StringSet noteSet; for ( int i = 0; i < n_linked_monitors; i++ ) { @@ -1502,64 +1503,18 @@ bool Monitor::Analyse() { shared_data->state = state = TAPE; } - //if ( config.overlap_timed_events ) - if ( false ) { - int pre_index; - int pre_event_images = pre_event_count; - - if ( analysis_fps ) { - // If analysis fps is set, - // compute the index for pre event images in the dedicated buffer - pre_index = pre_event_buffer_count ? image_count%pre_event_buffer_count : 0; - - // Seek forward the next filled slot in to the buffer (oldest data) - // from the current position - while ( pre_event_images && !pre_event_buffer[pre_index].timestamp->tv_sec ) { - pre_index = (pre_index + 1)%pre_event_buffer_count; - // Slot is empty, removing image from counter - pre_event_images--; - } - } else { - // If analysis fps is not set (analysis performed at capturing framerate), - // compute the index for pre event images in the capturing buffer - pre_index = ((index + image_buffer_count) - pre_event_count)%image_buffer_count; - - // Seek forward the next filled slot in to the buffer (oldest data) - // from the current position - while ( pre_event_images && !image_buffer[pre_index].timestamp->tv_sec ) { - pre_index = (pre_index + 1)%image_buffer_count; - // Slot is empty, removing image from counter - pre_event_images--; - } - } - - if ( pre_event_images ) { - if ( analysis_fps ) { - for ( int i = 0; i < pre_event_images; i++ ) { - timestamps[i] = pre_event_buffer[pre_index].timestamp; - images[i] = pre_event_buffer[pre_index].image; - pre_index = (pre_index + 1)%pre_event_buffer_count; - } - } else { - for ( int i = 0; i < pre_event_images; i++ ) { - timestamps[i] = image_buffer[pre_index].timestamp; - images[i] = image_buffer[pre_index].image; - pre_index = (pre_index + 1)%image_buffer_count; - } - } - - event->AddFrames( pre_event_images, images, timestamps ); - } - } // end if false or config.overlap_timed_events } // end if ! event } // end if function == RECORD || function == MOCORD) } // end if !signal_change && signal if ( score ) { if ( state == IDLE || state == TAPE || state == PREALARM ) { + // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { // If we should end then previous continuous event and start a new non-continuous event - if ( event && event->Frames() && !event->AlarmFrames() + if ( event && event->Frames() + && (!event->AlarmFrames()) + && (event_close_mode == CLOSE_ALARM) && ( ( timestamp->tv_sec - video_store_data->recording.tv_sec ) >= min_section_length ) ) { Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", @@ -1579,14 +1534,11 @@ bool Monitor::Analyse() { strncpy(shared_data->alarm_cause,alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1); Info("%s: %03d - Gone into alarm state PreAlarmCount: %u > AlarmFrameCount:%u Cause:%s", name, image_count, Event::PreAlarmCount(), alarm_frame_count, shared_data->alarm_cause); - if ( signal_change || (function != MOCORD && state != ALERT) ) { + + if ( !event ) { int pre_index; int pre_event_images = pre_event_count; - if ( event ) { - // Shouldn't be able to happen because - Error("Creating new event when one exists"); - } if ( analysis_fps && pre_event_count ) { // If analysis fps is set, // compute the index for pre event images in the dedicated buffer From 246b4cb9d116d2c1d2907928948ef9c9ea01d307 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 17:22:59 -0400 Subject: [PATCH 228/360] working hwdecode --- src/zm_ffmpeg.cpp | 11 +++ src/zm_ffmpeg.h | 1 + src/zm_ffmpeg_camera.cpp | 193 ++++++++++++++++++++++++++++++++------- src/zm_ffmpeg_camera.h | 4 +- zoneminder-config.cmake | 2 +- 5 files changed, 175 insertions(+), 36 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 98509f92f..1dbf3be3b 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -284,6 +284,17 @@ static void zm_log_fps(double d, const char *postfix) { } } +void zm_dump_video_frame(const AVFrame *frame, const char *text) { + Debug(1, "%s: format %d %s %dx%d linesize:%d pts: %" PRId64, + text, + frame->format, + av_get_pix_fmt_name((AVPixelFormat)frame->format), + frame->width, + frame->height, + frame->linesize, + frame->pts + ); +} void zm_dump_frame(const AVFrame *frame,const char *text) { Debug(1, "%s: format %d %s sample_rate %" PRIu32 " nb_samples %d channels %d" " duration %" PRId64 diff --git a/src/zm_ffmpeg.h b/src/zm_ffmpeg.h index 7c4414db0..e3b8314f8 100644 --- a/src/zm_ffmpeg.h +++ b/src/zm_ffmpeg.h @@ -300,6 +300,7 @@ void zm_dump_codec(const AVCodecContext *codec); void zm_dump_codecpar(const AVCodecParameters *par); #endif void zm_dump_frame(const AVFrame *frame, const char *text="Frame"); +void zm_dump_video_frame(const AVFrame *frame, const char *text="Frame"); #if LIBAVCODEC_VERSION_CHECK(56, 8, 0, 60, 100) #define zm_av_packet_unref( packet ) av_packet_unref( packet ) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index c02259561..98dfd0e4e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -42,6 +42,22 @@ extern "C" { #endif +static enum AVPixelFormat hw_pix_fmt; +static enum AVPixelFormat get_hw_format( + AVCodecContext *ctx, + const enum AVPixelFormat *pix_fmts +) { + const enum AVPixelFormat *p; + + for ( p = pix_fmts; *p != -1; p++ ) { + if ( *p == hw_pix_fmt ) + return *p; + } + + Error("Failed to get HW surface format."); + return AV_PIX_FMT_NONE; +} + #if HAVE_AVUTIL_HWCONTEXT_H static AVPixelFormat get_format(AVCodecContext *avctx, const enum AVPixelFormat *pix_fmts) { while (*pix_fmts != AV_PIX_FMT_NONE) { @@ -76,7 +92,7 @@ static AVPixelFormat get_format(AVCodecContext *avctx, const enum AVPixelFormat pix_fmts++; } - Error( "The QSV pixel format not offered in get_format()"); + Error("The QSV pixel format not offered in get_format()"); return AV_PIX_FMT_NONE; } @@ -122,8 +138,8 @@ FfmpegCamera::FfmpegCamera( hwaccel = false; #if HAVE_AVUTIL_HWCONTEXT_H decode = { NULL }; - hwFrame = NULL; #endif + hwFrame = NULL; mFormatContext = NULL; mVideoStreamId = -1; @@ -250,6 +266,7 @@ int FfmpegCamera::Capture( Image &image ) { zm_av_packet_unref( &packet ); continue; } + Debug(1, "transfering from hardware"); ret = av_hwframe_transfer_data(mRawFrame, hwFrame, 0); if (ret < 0) { av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); @@ -259,6 +276,8 @@ int FfmpegCamera::Capture( Image &image ) { } } else { #endif + + ret = avcodec_receive_frame( mVideoCodecContext, mRawFrame ); if ( ret < 0 ) { av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); @@ -305,7 +324,7 @@ int FfmpegCamera::Capture( Image &image ) { #endif #if HAVE_LIBSWSCALE - if ( sws_scale(mConvertContext, mRawFrame->data, mRawFrame->linesize, 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) < 0 ) { + if ( sws_scale(mConvertContext, mRawFrame->data, mRawFrame->linesize, 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) <= 0 ) { Error("Unable to convert raw format %u to target format %u at frame %d", mVideoCodecContext->pix_fmt, imagePixFormat, frameCount); return -1; } @@ -331,7 +350,6 @@ int FfmpegCamera::PostCapture() { int FfmpegCamera::OpenFfmpeg() { - int ret; have_video_keyframe = false; @@ -339,7 +357,6 @@ int FfmpegCamera::OpenFfmpeg() { // Open the input, not necessarily a file #if !LIBAVFORMAT_VERSION_CHECK(53, 2, 0, 4, 0) - Debug ( 1, "Calling av_open_input_file" ); if ( av_open_input_file( &mFormatContext, mPath.c_str(), NULL, 0, NULL ) != 0 ) #else // Handle options @@ -360,7 +377,7 @@ int FfmpegCamera::OpenFfmpeg() { } else if ( method == "rtpUni" ) { ret = av_dict_set(&opts, "rtsp_transport", "udp", 0); } else { - Warning("Unknown method (%s)", method.c_str() ); + Warning("Unknown method (%s)", method.c_str()); } //#av_dict_set(&opts, "timeout", "10000000", 0); // in microseconds. @@ -518,6 +535,23 @@ int FfmpegCamera::OpenFfmpeg() { } } // end if h264 #endif + + AVHWAccel *first_hwaccel = av_hwaccel_next(NULL); + AVHWAccel *temp_hwaccel = first_hwaccel; + AVHWAccel *h264 = NULL; + const char * h264_name = "h264_vaapi"; + while ( temp_hwaccel != NULL ) { + Debug(1,"%s ", temp_hwaccel->name); + if ( strcmp(temp_hwaccel->name, h264_name) == 0 ) { + h264=temp_hwaccel; + } + temp_hwaccel = av_hwaccel_next(temp_hwaccel); + + if ( temp_hwaccel == first_hwaccel ) { + break; + } + } + if ( mVideoCodecContext->codec_id == AV_CODEC_ID_H264 ) { if ( (mVideoCodec = avcodec_find_decoder_by_name("h264_mmal")) == NULL ) { Debug(1, "Failed to find decoder (h264_mmal)" ); @@ -530,32 +564,75 @@ int FfmpegCamera::OpenFfmpeg() { // Try and get the codec from the codec context Error("Can't find codec for video stream from %s", mPath.c_str()); return -1; + } + + Debug(1, "Video Found decoder %s", mVideoCodec->name); + zm_dump_stream_format(mFormatContext, mVideoStreamId, 0, 0); + + enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; + while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) + Debug(1, "%s", av_hwdevice_get_type_name(type)); + + const char *hw_name = "vaapi"; + type = av_hwdevice_find_type_by_name(hw_name); + if ( type == AV_HWDEVICE_TYPE_NONE ) { + Debug(1,"Device type %s is not supported.", hw_name); } else { - Debug(1, "Video Found decoder %s", mVideoCodec->name); - zm_dump_stream_format(mFormatContext, mVideoStreamId, 0, 0); - // Open the codec -#if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) - ret = avcodec_open(mVideoCodecContext, mVideoCodec); -#else - ret = avcodec_open2(mVideoCodecContext, mVideoCodec, &opts); -#endif - AVDictionaryEntry *e = NULL; - while ( (e = av_dict_get(opts, "", e, AV_DICT_IGNORE_SUFFIX)) != NULL ) { - Warning( "Option %s not recognized by ffmpeg", e->key); - } - if ( ret < 0 ) { - Error("Unable to open codec for video stream from %s", mPath.c_str()); - av_dict_free(&opts); + Debug(1, "Found hwdevice %s", av_hwdevice_get_type_name(type)); + } + + // Get h_pix_fmt + for ( int i = 0;; i++ ) { + const AVCodecHWConfig *config = avcodec_get_hw_config(mVideoCodec, i); + if ( !config ) { + Debug(1, "Decoder %s does not support device type %s.", + mVideoCodec->name, av_hwdevice_get_type_name(type)); return -1; } - zm_dump_codec(mVideoCodecContext); + if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX ) + && (config->device_type == type) + ) { + hw_pix_fmt = config->pix_fmt; + break; + } + } // end foreach hwconfig + + mVideoCodecContext->get_format = get_hw_format; + + Debug(1, "Creating hwdevice"); + if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, NULL, NULL, 0)) < 0) { + Error("Failed to create specified HW device."); + return -1; } + Debug(1, "Created hwdevice"); + mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); + hwaccel = true; + hwFrame = zm_av_frame_alloc(); + + // Open the codec +#if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) + ret = avcodec_open(mVideoCodecContext, mVideoCodec); +#else + ret = avcodec_open2(mVideoCodecContext, mVideoCodec, &opts); +#endif + e = NULL; + while ( (e = av_dict_get(opts, "", e, AV_DICT_IGNORE_SUFFIX)) != NULL ) { + Warning( "Option %s not recognized by ffmpeg", e->key); + } + if ( ret < 0 ) { + Error("Unable to open codec for video stream from %s", mPath.c_str()); + av_dict_free(&opts); + return -1; + } + zm_dump_codec(mVideoCodecContext); if ( mVideoCodecContext->hwaccel != NULL ) { Debug(1, "HWACCEL in use"); } else { Debug(1, "HWACCEL not in use"); } + + if ( mAudioStreamId >= 0 ) { if ( (mAudioCodec = avcodec_find_decoder( #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) @@ -578,13 +655,13 @@ int FfmpegCamera::OpenFfmpeg() { zm_dump_stream_format(mFormatContext, mAudioStreamId, 0, 0); // Open the codec #if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) - Debug ( 1, "Calling avcodec_open" ); + Debug(1, "Calling avcodec_open"); if ( avcodec_open(mAudioCodecContext, mAudioCodec) < 0 ) { #else - Debug ( 1, "Calling avcodec_open2" ); + Debug(1, "Calling avcodec_open2" ); if ( avcodec_open2(mAudioCodecContext, mAudioCodec, 0) < 0 ) { #endif - Error( "Unable to open codec for audio stream from %s", mPath.c_str() ); + Error("Unable to open codec for audio stream from %s", mPath.c_str() ); return -1; } zm_dump_codec(mAudioCodecContext); @@ -629,6 +706,7 @@ int FfmpegCamera::OpenFfmpeg() { return -1; } +# if 0 mConvertContext = sws_getContext( mVideoCodecContext->width, mVideoCodecContext->height, @@ -640,6 +718,7 @@ int FfmpegCamera::OpenFfmpeg() { Error( "Unable to create conversion context for %s", mPath.c_str() ); return -1; } +#endif #else // HAVE_LIBSWSCALE Fatal( "You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras" ); #endif // HAVE_LIBSWSCALE @@ -885,7 +964,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( packetqueue->packet_count(mVideoStreamId) >= monitor->GetImageBufferCount() ) { Warning("ImageBufferCount %d is too small. Needs to be at least %d. Either increase it or decrease time between keyframes", monitor->GetImageBufferCount(), - packetqueue->packet_count(mVideoStreamId)+1 ); + packetqueue->packet_count(mVideoStreamId)+1 + ); } packetqueue->clearQueue(monitor->GetPreEventCount(), mVideoStreamId); @@ -931,6 +1011,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } #if HAVE_AVUTIL_HWCONTEXT_H if ( hwaccel ) { + Debug(1, "Using hwaccel to decode"); ret = avcodec_receive_frame(mVideoCodecContext, hwFrame); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); @@ -939,7 +1020,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event continue; } ret = av_hwframe_transfer_data(mRawFrame, hwFrame, 0); - if (ret < 0) { + if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); zm_av_packet_unref(&packet); @@ -947,6 +1028,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event } } else { #endif + Debug(1, "Decodingaccel to decode"); + ret = avcodec_receive_frame(mVideoCodecContext, mRawFrame); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); @@ -961,6 +1044,24 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event continue; } if ( error_count > 0 ) error_count --; + zm_dump_video_frame(mRawFrame); + if ( mRawFrame->format == hw_pix_fmt ) { + /* retrieve data from GPU to CPU */ + ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); + if ( ret < 0 ) { + av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); + Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); + zm_av_packet_unref(&packet); + continue; + } + Debug(1,"Success transfering"); + zm_dump_video_frame(hwFrame); + + hwFrame->pts = mRawFrame->pts; + input_frame = hwFrame; + } else { + input_frame = mRawFrame; + } #if HAVE_AVUTIL_HWCONTEXT_H } @@ -968,7 +1069,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event frameComplete = 1; # else - ret = zm_avcodec_decode_video(mVideoCodecContext, mRawFrame, &frameComplete, &packet); + ret = zm_avcodec_decode_video(mVideoCodecContext, input_frame, &frameComplete, &packet); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); Error("Unable to decode frame at frame %d: %s, continuing", frameCount, errbuf); @@ -978,7 +1079,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event #endif if ( frameComplete ) { - Debug( 4, "Got frame %d", frameCount ); + Debug(4, "Got frame %d", frameCount); uint8_t* directbuffer; @@ -986,7 +1087,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event directbuffer = image.WriteBuffer(width, height, colours, subpixelorder); if ( directbuffer == NULL ) { Error("Failed requesting writeable buffer for the captured image."); - zm_av_packet_unref( &packet ); + zm_av_packet_unref(&packet); return -1; } #if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) @@ -994,10 +1095,34 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event #else avpicture_fill( (AVPicture *)mFrame, directbuffer, imagePixFormat, width, height); #endif - if (sws_scale(mConvertContext, mRawFrame->data, mRawFrame->linesize, - 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) < 0) { - Error("Unable to convert raw format %u to target format %u at frame %d", - mVideoCodecContext->pix_fmt, imagePixFormat, frameCount); + Debug(1,"swscale target format: %c%c%c%c %c%c%c%c", + (imagePixFormat)&0xff,((imagePixFormat>>8)&0xff),((imagePixFormat>>16)&0xff),((imagePixFormat>>24)&0xff), + (mVideoCodecContext->pix_fmt)&0xff, + ((mVideoCodecContext->pix_fmt>>8)&0xff), + ((mVideoCodecContext->pix_fmt>>16)&0xff), + ((mVideoCodecContext->pix_fmt>>24)&0xff) + ); + if ( ! mConvertContext ) { + mConvertContext = sws_getContext( + input_frame->width, + input_frame->height, + (AVPixelFormat)input_frame->format, + width, height, + imagePixFormat, SWS_BICUBIC, NULL, + NULL, NULL); + if ( mConvertContext == NULL ) { + Error( "Unable to create conversion context for %s", mPath.c_str() ); + return -1; + } + } + + if ( sws_scale(mConvertContext, input_frame->data, input_frame->linesize, + 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) <= 0 ) { + Error("Unable to convert raw format %u to target format %u at frame %d codec %u ", + input_frame->format, + imagePixFormat, frameCount, + mVideoCodecContext->pix_fmt + ); return -1; } diff --git a/src/zm_ffmpeg_camera.h b/src/zm_ffmpeg_camera.h index a5a5550a9..626269f51 100644 --- a/src/zm_ffmpeg_camera.h +++ b/src/zm_ffmpeg_camera.h @@ -55,12 +55,14 @@ class FfmpegCamera : public Camera { AVFrame *mRawFrame; AVFrame *mFrame; _AVPIXELFORMAT imagePixFormat; + AVFrame *input_frame; // Use to point to mRawFrame or hwFrame; bool hwaccel; -#if HAVE_AVUTIL_HWCONTEXT_H AVFrame *hwFrame; +#if HAVE_AVUTIL_HWCONTEXT_H DecodeContext decode; #endif + AVBufferRef *hw_device_ctx = NULL; // Need to keep track of these because apparently the stream can start with values for pts/dts and then subsequent packets start at zero. int64_t audio_last_pts; diff --git a/zoneminder-config.cmake b/zoneminder-config.cmake index e088e68dc..46cf28d46 100644 --- a/zoneminder-config.cmake +++ b/zoneminder-config.cmake @@ -51,7 +51,7 @@ #cmakedefine HAVE_LIBAVUTIL 1 #cmakedefine HAVE_LIBAVUTIL_AVUTIL_H 1 #cmakedefine HAVE_LIBAVUTIL_MATHEMATICS_H 1 -#cmakedefine HAVE_LIBAVUTIL_HWCONTEXT_H 0 +#cmakedefine HAVE_LIBAVUTIL_HWCONTEXT_H 1 #cmakedefine HAVE_LIBSWSCALE 1 #cmakedefine HAVE_LIBSWSCALE_SWSCALE_H 1 #cmakedefine HAVE_LIBSWRESAMPLE 1 From c3135accbbcd2e36a07f1265e65b96d93760e32a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Jun 2019 21:11:52 -0400 Subject: [PATCH 229/360] Make events close on a section length time boundary only if event_close_mode == CLOSE_TIME. When an alarm happens in event_close_mode==ALARM, close the continuous event regardless of the # of pre-event frames in the event. Add some debugging --- src/zm_monitor.cpp | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index d7349eb6b..d282f0e2d 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1379,6 +1379,7 @@ bool Monitor::Analyse() { if ( trigger_data->trigger_state == TRIGGER_ON ) { score += trigger_data->trigger_score; + Debug(1, "Triggered on score += %d => %d", trigger_data->trigger_score, score); if ( !event ) { // How could it have a length already? //if ( cause.length() ) @@ -1389,6 +1390,7 @@ bool Monitor::Analyse() { noteSet.insert(trigger_data->trigger_text); noteSetMap[trigger_data->trigger_cause] = noteSet; } + if ( signal_change ) { const char *signalText; if ( !signal ) { @@ -1475,7 +1477,7 @@ bool Monitor::Analyse() { if ( section_length && ( ( timestamp->tv_sec - video_store_data->recording.tv_sec ) >= section_length ) - && ( ! ( timestamp->tv_sec % section_length ) ) + && ( (event_close_mode != CLOSE_TIME) || ! ( timestamp->tv_sec % section_length ) ) ) { Info("%s: %03d - Closing event %" PRIu64 ", section end forced %d - %d = %d >= %d", name, image_count, event->Id(), @@ -1508,19 +1510,20 @@ bool Monitor::Analyse() { } // end if !signal_change && signal if ( score ) { - if ( state == IDLE || state == TAPE || state == PREALARM ) { + if ( (state == IDLE) || (state == TAPE) || (state == PREALARM) ) { + // If we should end then previous continuous event and start a new non-continuous event + if ( event && event->Frames() + && (!event->AlarmFrames()) + && (event_close_mode == CLOSE_ALARM) + && ( ( timestamp->tv_sec - video_store_data->recording.tv_sec ) >= min_section_length ) + ) { + Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", + name, image_count, event->Id()); + closeEvent(); + } + Debug(3, "pre-alarm-count %d", Event::PreAlarmCount()); // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames if ( (!pre_event_count) || (Event::PreAlarmCount() >= alarm_frame_count) ) { - // If we should end then previous continuous event and start a new non-continuous event - if ( event && event->Frames() - && (!event->AlarmFrames()) - && (event_close_mode == CLOSE_ALARM) - && ( ( timestamp->tv_sec - video_store_data->recording.tv_sec ) >= min_section_length ) - ) { - Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", - name, image_count, event->Id()); - closeEvent(); - } shared_data->state = state = ALARM; // lets construct alarm cause. It will contain cause + names of zones alarmed std::string alarm_cause = ""; From 2cbcaeebbcba2a4c875544f4abd444cc72297acd Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 14:11:59 -0400 Subject: [PATCH 230/360] clean out old hwdecode stuff. refactor common code out --- src/zm_ffmpeg.cpp | 28 +-- src/zm_ffmpeg_camera.cpp | 415 +++++++++++---------------------------- src/zm_ffmpeg_camera.h | 11 +- src/zm_ffmpeg_input.cpp | 119 ++++------- 4 files changed, 161 insertions(+), 412 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 1dbf3be3b..b701e79bc 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -505,7 +505,7 @@ bool is_audio_context( AVCodecContext *codec_context ) { #endif } -int zm_receive_frame( AVCodecContext *context, AVFrame *frame, AVPacket &packet ) { +int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) { int ret; #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) if ( (ret = avcodec_send_packet(context, &packet)) < 0 ) { @@ -514,28 +514,10 @@ int zm_receive_frame( AVCodecContext *context, AVFrame *frame, AVPacket &packet return 0; } -#if HAVE_AVUTIL_HWCONTEXT_H - if ( hwaccel ) { - if ( (ret = avcodec_receive_frame(context, hwFrame)) < 0 ) { - Error( "Unable to receive frame %d: %s, continuing", streams[packet.stream_index].frame_count, - av_make_error_string(ret).c_str() ); - return 0; - } - if ( (ret = av_hwframe_transfer_data(frame, hwFrame, 0)) < 0 ) { - Error( "Unable to transfer frame at frame %d: %s, continuing", streams[packet.stream_index].frame_count, - av_make_error_string(ret).c_str() ); - return 0; - } - } else { -#endif - if ( (ret = avcodec_receive_frame(context, frame)) < 0 ) { - Error( "Unable to send packet %s, continuing", av_make_error_string(ret).c_str() ); - return 0; - } -#if HAVE_AVUTIL_HWCONTEXT_H + if ( (ret = avcodec_receive_frame(context, frame)) < 0 ) { + Error( "Unable to send packet %s, continuing", av_make_error_string(ret).c_str() ); + return 0; } -#endif - # else int frameComplete = 0; while ( !frameComplete ) { @@ -551,7 +533,7 @@ int zm_receive_frame( AVCodecContext *context, AVFrame *frame, AVPacket &packet } // end while !frameComplete #endif return 1; -} // end int zm_receive_frame( AVCodecContext *context, AVFrame *frame, AVPacket &packet ) +} // end int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) void dumpPacket(AVStream *stream, AVPacket *pkt, const char *text) { char b[10240]; diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 98dfd0e4e..36ffc1a2c 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -26,7 +26,7 @@ extern "C" { #include "libavutil/time.h" -#if HAVE_AVUTIL_HWCONTEXT_H +#if HAVE_LIBAVUTIL_HWCONTEXT_H #include "libavutil/hwcontext.h" #include "libavutil/hwcontext_qsv.h" #endif @@ -42,6 +42,7 @@ extern "C" { #endif +#if HAVE_LIBAVUTIL_HWCONTEXT_H static enum AVPixelFormat hw_pix_fmt; static enum AVPixelFormat get_hw_format( AVCodecContext *ctx, @@ -57,45 +58,6 @@ static enum AVPixelFormat get_hw_format( Error("Failed to get HW surface format."); return AV_PIX_FMT_NONE; } - -#if HAVE_AVUTIL_HWCONTEXT_H -static AVPixelFormat get_format(AVCodecContext *avctx, const enum AVPixelFormat *pix_fmts) { - while (*pix_fmts != AV_PIX_FMT_NONE) { - if (*pix_fmts == AV_PIX_FMT_QSV) { - DecodeContext *decode = (DecodeContext *)avctx->opaque; - AVHWFramesContext *frames_ctx; - AVQSVFramesContext *frames_hwctx; - int ret; - - /* create a pool of surfaces to be used by the decoder */ - avctx->hw_frames_ctx = av_hwframe_ctx_alloc(decode->hw_device_ref); - if (!avctx->hw_frames_ctx) - return AV_PIX_FMT_NONE; - frames_ctx = (AVHWFramesContext*)avctx->hw_frames_ctx->data; - frames_hwctx = (AVQSVFramesContext*)frames_ctx->hwctx; - - frames_ctx->format = AV_PIX_FMT_QSV; - frames_ctx->sw_format = avctx->sw_pix_fmt; - frames_ctx->width = FFALIGN(avctx->coded_width, 32); - frames_ctx->height = FFALIGN(avctx->coded_height, 32); - frames_ctx->initial_pool_size = 32; - - frames_hwctx->frame_type = MFX_MEMTYPE_VIDEO_MEMORY_DECODER_TARGET; - - ret = av_hwframe_ctx_init(avctx->hw_frames_ctx); - if (ret < 0) - return AV_PIX_FMT_NONE; - - return AV_PIX_FMT_QSV; - } - - pix_fmts++; - } - - Error("The QSV pixel format not offered in get_format()"); - - return AV_PIX_FMT_NONE; -} #endif FfmpegCamera::FfmpegCamera( @@ -136,9 +98,6 @@ FfmpegCamera::FfmpegCamera( } hwaccel = false; -#if HAVE_AVUTIL_HWCONTEXT_H - decode = { NULL }; -#endif hwFrame = NULL; mFormatContext = NULL; @@ -154,7 +113,6 @@ FfmpegCamera::FfmpegCamera( startTime = 0; mCanCapture = false; videoStore = NULL; - video_last_pts = 0; have_video_keyframe = false; packetqueue = NULL; error_count = 0; @@ -175,7 +133,7 @@ FfmpegCamera::FfmpegCamera( } else { Panic("Unexpected colours: %d",colours); } -} +} // FfmpegCamera::FfmpegCamera FfmpegCamera::~FfmpegCamera() { @@ -214,8 +172,8 @@ int FfmpegCamera::PreCapture() { return 0; } -int FfmpegCamera::Capture( Image &image ) { - if ( ! mCanCapture ) { +int FfmpegCamera::Capture(Image &image) { + if ( !mCanCapture ) { return -1; } @@ -233,112 +191,46 @@ int FfmpegCamera::Capture( Image &image ) { // Check for Connection failure. (avResult == -110) ) { - Info("Unable to read packet from stream %d: error %d \"%s\".", packet.stream_index, avResult, errbuf); + Info("Unable to read packet from stream %d: error %d \"%s\".", + packet.stream_index, avResult, errbuf); } else { - Error("Unable to read packet from stream %d: error %d \"%s\".", packet.stream_index, avResult, errbuf); + Error("Unable to read packet from stream %d: error %d \"%s\".", + packet.stream_index, avResult, errbuf); } return -1; } + bytes += packet.size; int keyframe = packet.flags & AV_PKT_FLAG_KEY; if ( keyframe ) have_video_keyframe = true; - Debug( 5, "Got packet from stream %d dts (%d) pts(%d)", packet.stream_index, packet.pts, packet.dts ); + Debug(5, "Got packet from stream %d dts (%d) pts(%d)", + packet.stream_index, packet.pts, packet.dts); // What about audio stream? Maybe someday we could do sound detection... if ( ( packet.stream_index == mVideoStreamId ) && ( keyframe || have_video_keyframe ) ) { - int ret; -#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - ret = avcodec_send_packet( mVideoCodecContext, &packet ); + int ret; + ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to send packet at frame %d: %s, continuing", frameCount, errbuf ); - zm_av_packet_unref( &packet ); + av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); + Error("Unable to get frame at frame %d: %s, continuing", frameCount, errbuf); + zm_av_packet_unref(&packet); continue; } -#if HAVE_AVUTIL_HWCONTEXT_H - if ( hwaccel ) { - ret = avcodec_receive_frame( mVideoCodecContext, hwFrame ); - if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to send packet at frame %d: %s, continuing", frameCount, errbuf ); - zm_av_packet_unref( &packet ); - continue; - } - Debug(1, "transfering from hardware"); - ret = av_hwframe_transfer_data(mRawFrame, hwFrame, 0); - if (ret < 0) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf ); - zm_av_packet_unref( &packet ); - continue; - } - } else { -#endif - - - ret = avcodec_receive_frame( mVideoCodecContext, mRawFrame ); - if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to send packet at frame %d: %s, continuing", frameCount, errbuf ); - zm_av_packet_unref( &packet ); - continue; - } - -#if HAVE_AVUTIL_HWCONTEXT_H - } -#endif - frameComplete = 1; -# else - ret = zm_avcodec_decode_video( mVideoCodecContext, mRawFrame, &frameComplete, &packet ); - if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to decode frame at frame %d: %s, continuing", frameCount, errbuf ); - zm_av_packet_unref( &packet ); - continue; + Debug(4, "Decoded video packet at frame %d", frameCount); + + if ( transfer_to_image(image, mFrame, mRawFrame) < 0 ) { + zm_av_packet_unref(&packet); + return -1; } -#endif - Debug( 4, "Decoded video packet at frame %d", frameCount ); - - if ( frameComplete ) { - Debug( 4, "Got frame %d", frameCount ); - - uint8_t* directbuffer; - - /* Request a writeable buffer of the target image */ - directbuffer = image.WriteBuffer(width, height, colours, subpixelorder); - if ( directbuffer == NULL ) { - Error("Failed requesting writeable buffer for the captured image."); - return -1; - } - -#if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) - av_image_fill_arrays(mFrame->data, mFrame->linesize, - directbuffer, imagePixFormat, width, height, 1); -#else - avpicture_fill( (AVPicture *)mFrame, directbuffer, - imagePixFormat, width, height); -#endif - -#if HAVE_LIBSWSCALE - if ( sws_scale(mConvertContext, mRawFrame->data, mRawFrame->linesize, 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) <= 0 ) { - Error("Unable to convert raw format %u to target format %u at frame %d", mVideoCodecContext->pix_fmt, imagePixFormat, frameCount); - return -1; - } -#else // HAVE_LIBSWSCALE - Fatal("You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras"); -#endif // HAVE_LIBSWSCALE - - frameCount++; - } // end if frameComplete + frameCount++; } else { - Debug( 4, "Different stream_index %d", packet.stream_index ); + Debug(4, "Different stream_index %d", packet.stream_index); } // end if packet.stream_index == mVideoStreamId - bytes += packet.size; - zm_av_packet_unref( &packet ); + zm_av_packet_unref(&packet); } // end while ! frameComplete return frameComplete ? 1 : 0; } // FfmpegCamera::Capture @@ -498,44 +390,6 @@ int FfmpegCamera::OpenFfmpeg() { mVideoCodecContext->flags2 |= CODEC_FLAG2_FAST | CODEC_FLAG_LOW_DELAY; #endif -#if HAVE_AVUTIL_HWCONTEXT_H - if ( mVideoCodecContext->codec_id == AV_CODEC_ID_H264 ) { - - //vaapi_decoder = new VAAPIDecoder(); - //mVideoCodecContext->opaque = vaapi_decoder; - //mVideoCodec = vaapi_decoder->openCodec( mVideoCodecContext ); - - if ( ! mVideoCodec ) { - // Try to open an hwaccel codec. - if ( (mVideoCodec = avcodec_find_decoder_by_name("h264_vaapi")) == NULL ) { - Debug(1, "Failed to find decoder (h264_vaapi)" ); - } else { - Debug(1, "Success finding decoder (h264_vaapi)" ); - } - } - if ( ! mVideoCodec ) { - // Try to open an hwaccel codec. - if ( (mVideoCodec = avcodec_find_decoder_by_name("h264_qsv")) == NULL ) { - Debug(1, "Failed to find decoder (h264_qsv)" ); - } else { - Debug(1, "Success finding decoder (h264_qsv)" ); - /* open the hardware device */ - ret = av_hwdevice_ctx_create(&decode.hw_device_ref, AV_HWDEVICE_TYPE_QSV, - "auto", NULL, 0); - if (ret < 0) { - Error("Failed to open the hardware device"); - mVideoCodec = NULL; - } else { - mVideoCodecContext->opaque = &decode; - mVideoCodecContext->get_format = get_format; - hwaccel = true; - hwFrame = zm_av_frame_alloc(); - } - } - } - } // end if h264 -#endif - AVHWAccel *first_hwaccel = av_hwaccel_next(NULL); AVHWAccel *temp_hwaccel = first_hwaccel; AVHWAccel *h264 = NULL; @@ -988,7 +842,6 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event if ( have_video_keyframe || keyframe ) { if ( videoStore ) { - //Write the packet to our video store int ret = videoStore->writeVideoFramePacket(&packet); if ( ret < 0 ) { //Less than zero and we skipped a frame @@ -1001,174 +854,140 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event Debug(4, "about to decode video"); -#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - ret = avcodec_send_packet(mVideoCodecContext, &packet); + ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); + if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to send packet at frame %d: %s, continuing", frameCount, errbuf); + Warning("Unable to receive frame %d: %s, continuing. error count is %s", + frameCount, errbuf, error_count); + error_count += 1; + if ( error_count > 100 ) { + Error("Error count over 100, going to close and re-open stream"); + return -1; + } zm_av_packet_unref(&packet); continue; } -#if HAVE_AVUTIL_HWCONTEXT_H - if ( hwaccel ) { - Debug(1, "Using hwaccel to decode"); - ret = avcodec_receive_frame(mVideoCodecContext, hwFrame); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to send packet at frame %d: %s, continuing", frameCount, errbuf); - zm_av_packet_unref(&packet); - continue; - } - ret = av_hwframe_transfer_data(mRawFrame, hwFrame, 0); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); - zm_av_packet_unref(&packet); - continue; - } - } else { -#endif - Debug(1, "Decodingaccel to decode"); - - ret = avcodec_receive_frame(mVideoCodecContext, mRawFrame); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Warning("Unable to receive frame %d: %s, continuing. error count is %s", - frameCount, errbuf, error_count); - error_count += 1; - if ( error_count > 100 ) { - Error("Error count over 100, going to close and re-open stream"); - return -1; - } - zm_av_packet_unref(&packet); - continue; - } - if ( error_count > 0 ) error_count --; - zm_dump_video_frame(mRawFrame); - if ( mRawFrame->format == hw_pix_fmt ) { - /* retrieve data from GPU to CPU */ - ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); - zm_av_packet_unref(&packet); - continue; - } - Debug(1,"Success transfering"); - zm_dump_video_frame(hwFrame); - - hwFrame->pts = mRawFrame->pts; - input_frame = hwFrame; - } else { - input_frame = mRawFrame; - } - -#if HAVE_AVUTIL_HWCONTEXT_H - } -#endif - - frameComplete = 1; -# else - ret = zm_avcodec_decode_video(mVideoCodecContext, input_frame, &frameComplete, &packet); + if ( error_count > 0 ) error_count --; + zm_dump_video_frame(mRawFrame); +#if HAVE_LIBAVUTIL_HWCONTEXT_H + if ( mRawFrame->format == hw_pix_fmt ) { + /* retrieve data from GPU to CPU */ + ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); if ( ret < 0 ) { av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to decode frame at frame %d: %s, continuing", frameCount, errbuf); - zm_av_packet_unref( &packet ); + Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); + zm_av_packet_unref(&packet); continue; - } + } + zm_dump_video_frame(hwFrame, "After hwtransfer"); + + hwFrame->pts = mRawFrame->pts; + input_frame = hwFrame; + } else { +#endif + input_frame = mRawFrame; +#if HAVE_LIBAVUTIL_HWCONTEXT_H + } #endif - if ( frameComplete ) { - Debug(4, "Got frame %d", frameCount); + Debug(4, "Got frame %d", frameCount); + if ( transfer_to_image(image, mFrame, input_frame) < 0 ) { + zm_av_packet_unref(&packet); + return -1; + } - uint8_t* directbuffer; - - /* Request a writeable buffer of the target image */ - directbuffer = image.WriteBuffer(width, height, colours, subpixelorder); - if ( directbuffer == NULL ) { - Error("Failed requesting writeable buffer for the captured image."); - zm_av_packet_unref(&packet); - return -1; - } -#if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) - av_image_fill_arrays(mFrame->data, mFrame->linesize, directbuffer, imagePixFormat, width, height, 1); -#else - avpicture_fill( (AVPicture *)mFrame, directbuffer, imagePixFormat, width, height); -#endif - Debug(1,"swscale target format: %c%c%c%c %c%c%c%c", - (imagePixFormat)&0xff,((imagePixFormat>>8)&0xff),((imagePixFormat>>16)&0xff),((imagePixFormat>>24)&0xff), - (mVideoCodecContext->pix_fmt)&0xff, - ((mVideoCodecContext->pix_fmt>>8)&0xff), - ((mVideoCodecContext->pix_fmt>>16)&0xff), - ((mVideoCodecContext->pix_fmt>>24)&0xff) - ); - if ( ! mConvertContext ) { - mConvertContext = sws_getContext( - input_frame->width, - input_frame->height, - (AVPixelFormat)input_frame->format, - width, height, - imagePixFormat, SWS_BICUBIC, NULL, - NULL, NULL); - if ( mConvertContext == NULL ) { - Error( "Unable to create conversion context for %s", mPath.c_str() ); - return -1; - } - } - - if ( sws_scale(mConvertContext, input_frame->data, input_frame->linesize, - 0, mVideoCodecContext->height, mFrame->data, mFrame->linesize) <= 0 ) { - Error("Unable to convert raw format %u to target format %u at frame %d codec %u ", - input_frame->format, - imagePixFormat, frameCount, - mVideoCodecContext->pix_fmt - ); - return -1; - } - - frameCount++; - } else { - Debug( 3, "Not framecomplete after av_read_frame" ); - } // end if frameComplete + frameComplete = 1; + frameCount++; } else if ( packet.stream_index == mAudioStreamId ) { //FIXME best way to copy all other streams frameComplete = 1; if ( videoStore ) { if ( record_audio ) { if ( have_video_keyframe ) { - Debug(3, "Recording audio packet streamindex(%d) packetstreamindex(%d)", mAudioStreamId, packet.stream_index ); + Debug(3, "Recording audio packet streamindex(%d) packetstreamindex(%d)", + mAudioStreamId, packet.stream_index); //Write the packet to our video store //FIXME no relevance of last key frame int ret = videoStore->writeAudioFramePacket( &packet ); if ( ret < 0 ) {//Less than zero and we skipped a frame Warning("Failure to write audio packet."); - zm_av_packet_unref( &packet ); + zm_av_packet_unref(&packet); return 0; } } else { Debug(3, "Not recording audio yet because we don't have a video keyframe yet"); } } else { - Debug(4, "Not doing recording of audio packet" ); + Debug(4, "Not doing recording of audio packet"); } } else { - Debug(4, "Have audio packet, but not recording atm" ); + Debug(4, "Have audio packet, but not recording atm"); } - zm_av_packet_unref( &packet ); + zm_av_packet_unref(&packet); return 0; } else { #if LIBAVUTIL_VERSION_CHECK(56, 23, 0, 23, 0) - Debug( 3, "Some other stream index %d, %s", packet.stream_index, av_get_media_type_string( mFormatContext->streams[packet.stream_index]->codecpar->codec_type) ); + Debug(3, "Some other stream index %d, %s", + packet.stream_index, + av_get_media_type_string(mFormatContext->streams[packet.stream_index]->codecpar->codec_type) + ); #else - Debug( 3, "Some other stream index %d", packet.stream_index ); + Debug(3, "Some other stream index %d", packet.stream_index); #endif } // end if is video or audio or something else // the packet contents are ref counted... when queuing, we allocate another packet and reference it with that one, so we should always need to unref here, which should not affect the queued version. - zm_av_packet_unref( &packet ); + zm_av_packet_unref(&packet); } // end while ! frameComplete return frameCount; } // end FfmpegCamera::CaptureAndRecord +int FfmpegCamera::transfer_to_image(Image &image, AVFrame *output_frame, AVFrame *input_frame) { + uint8_t* directbuffer; + + /* Request a writeable buffer of the target image */ + directbuffer = image.WriteBuffer(width, height, colours, subpixelorder); + if ( directbuffer == NULL ) { + Error("Failed requesting writeable buffer for the captured image."); + return -1; + } +#if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) + av_image_fill_arrays(output_frame->data, output_frame->linesize, + directbuffer, imagePixFormat, width, height, 1); +#else + avpicture_fill((AVPicture *)output_frame, directbuffer, + imagePixFormat, width, height); +#endif +#if HAVE_LIBSWSCALE + if ( ! mConvertContext ) { + mConvertContext = sws_getContext( + input_frame->width, + input_frame->height, + (AVPixelFormat)input_frame->format, + width, height, + imagePixFormat, SWS_BICUBIC, NULL, + NULL, NULL); + if ( mConvertContext == NULL ) { + Error("Unable to create conversion context for %s", mPath.c_str()); + return -1; + } + } + + if ( sws_scale(mConvertContext, input_frame->data, input_frame->linesize, + 0, mVideoCodecContext->height, output_frame->data, output_frame->linesize) <= 0 ) { + Error("Unable to convert raw format %u to target format %u at frame %d codec %u ", + input_frame->format, + imagePixFormat, frameCount, + mVideoCodecContext->pix_fmt + ); + return -1; + } +#else // HAVE_LIBSWSCALE + Fatal("You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras"); +#endif // HAVE_LIBSWSCALE + return 0; +} // end int FfmpegCamera::transfer_to_image(Image &i, AVFrame *output_frame, AVFrame input_frame) + int FfmpegCamera::FfmpegInterruptCallback(void *ctx) { //FfmpegCamera* camera = reinterpret_cast(ctx); //Debug(4, "FfmpegInterruptCallback"); diff --git a/src/zm_ffmpeg_camera.h b/src/zm_ffmpeg_camera.h index 626269f51..9f7fbb3ae 100644 --- a/src/zm_ffmpeg_camera.h +++ b/src/zm_ffmpeg_camera.h @@ -27,7 +27,7 @@ #include "zm_videostore.h" #include "zm_packetqueue.h" -#if HAVE_AVUTIL_HWCONTEXT_H +#if HAVE_LIBAVUTIL_HWCONTEXT_H typedef struct DecodeContext { AVBufferRef *hw_device_ref; } DecodeContext; @@ -59,17 +59,11 @@ class FfmpegCamera : public Camera { bool hwaccel; AVFrame *hwFrame; -#if HAVE_AVUTIL_HWCONTEXT_H +#if HAVE_LIBAVUTIL_HWCONTEXT_H DecodeContext decode; #endif AVBufferRef *hw_device_ctx = NULL; - // Need to keep track of these because apparently the stream can start with values for pts/dts and then subsequent packets start at zero. - int64_t audio_last_pts; - int64_t audio_last_dts; - int64_t video_last_pts; - int64_t video_last_dts; - // Used to store the incoming packet, it will get copied when queued. // We only ever need one at a time, so instead of constantly allocating // and freeing this structure, we will just make it a member of the object. @@ -110,5 +104,6 @@ class FfmpegCamera : public Camera { int PostCapture(); private: static int FfmpegInterruptCallback(void*ctx); + int transfer_to_image(Image &i, AVFrame *output_frame, AVFrame *input_frame); }; #endif // ZM_FFMPEG_CAMERA_H diff --git a/src/zm_ffmpeg_input.cpp b/src/zm_ffmpeg_input.cpp index 139e6d862..3c888fa6f 100644 --- a/src/zm_ffmpeg_input.cpp +++ b/src/zm_ffmpeg_input.cpp @@ -20,18 +20,18 @@ FFmpeg_Input::~FFmpeg_Input() { } } -int FFmpeg_Input::Open( const char *filepath ) { +int FFmpeg_Input::Open(const char *filepath) { int error; /** Open the input file to read from it. */ - if ( (error = avformat_open_input( &input_format_context, filepath, NULL, NULL)) < 0 ) { - + error = avformat_open_input(&input_format_context, filepath, NULL, NULL); + if ( error < 0 ) { Error("Could not open input file '%s' (error '%s')\n", filepath, av_make_error_string(error).c_str() ); input_format_context = NULL; return error; - } + } /** Get information on the input file (number of streams etc.). */ if ( (error = avformat_find_stream_info(input_format_context, NULL)) < 0 ) { @@ -44,23 +44,23 @@ int FFmpeg_Input::Open( const char *filepath ) { } streams = new stream[input_format_context->nb_streams]; - Debug(2,"Have %d streams", input_format_context->nb_streams); + Debug(2, "Have %d streams", input_format_context->nb_streams); for ( unsigned int i = 0; i < input_format_context->nb_streams; i += 1 ) { - if ( is_video_stream( input_format_context->streams[i] ) ) { + if ( is_video_stream(input_format_context->streams[i]) ) { zm_dump_stream_format(input_format_context, i, 0, 0); if ( video_stream_id == -1 ) { video_stream_id = i; // if we break, then we won't find the audio stream } else { - Warning( "Have another video stream." ); + Warning("Have another video stream."); } - } else if ( is_audio_stream( input_format_context->streams[i] ) ) { + } else if ( is_audio_stream(input_format_context->streams[i]) ) { if ( audio_stream_id == -1 ) { - Debug(2,"Audio stream is %d", i); + Debug(2, "Audio stream is %d", i); audio_stream_id = i; } else { - Warning( "Have another audio stream." ); + Warning("Have another audio stream."); } } else { Warning("Unknown stream type"); @@ -68,25 +68,26 @@ int FFmpeg_Input::Open( const char *filepath ) { streams[i].frame_count = 0; #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - streams[i].context = avcodec_alloc_context3( NULL ); - avcodec_parameters_to_context( streams[i].context, input_format_context->streams[i]->codecpar ); + streams[i].context = avcodec_alloc_context3(NULL); + avcodec_parameters_to_context(streams[i].context, input_format_context->streams[i]->codecpar); #else streams[i].context = input_format_context->streams[i]->codec; #endif if ( !(streams[i].codec = avcodec_find_decoder(streams[i].context->codec_id)) ) { - Error( "Could not find input codec\n"); + Error("Could not find input codec"); avformat_close_input(&input_format_context); return AVERROR_EXIT; } else { - Debug(1, "Using codec (%s) for stream %d", streams[i].codec->name, i ); + Debug(1, "Using codec (%s) for stream %d", streams[i].codec->name, i); } - if ((error = avcodec_open2( streams[i].context, streams[i].codec, NULL)) < 0) { - Error( "Could not open input codec (error '%s')\n", - av_make_error_string(error).c_str() ); + error = avcodec_open2(streams[i].context, streams[i].codec, NULL); + if ( error < 0 ) { + Error("Could not open input codec (error '%s')", + av_make_error_string(error).c_str()); #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - avcodec_free_context( &streams[i].context ); + avcodec_free_context(&streams[i].context); #endif avformat_close_input(&input_format_context); return error; @@ -94,14 +95,14 @@ int FFmpeg_Input::Open( const char *filepath ) { } // end foreach stream if ( video_stream_id == -1 ) - Error( "Unable to locate video stream in %s", filepath ); + Error("Unable to locate video stream in %s", filepath); if ( audio_stream_id == -1 ) - Debug( 3, "Unable to locate audio stream in %s", filepath ); + Debug(3, "Unable to locate audio stream in %s", filepath); return 0; } // end int FFmpeg_Input::Open( const char * filepath ) -AVFrame *FFmpeg_Input::get_frame( int stream_id ) { +AVFrame *FFmpeg_Input::get_frame(int stream_id) { Debug(1, "Getting frame from stream %d", stream_id); int frameComplete = false; @@ -119,85 +120,38 @@ AVFrame *FFmpeg_Input::get_frame( int stream_id ) { // Check for Connection failure. (ret == -110) ) { - Info( "av_read_frame returned %s.", errbuf ); + Info("av_read_frame returned %s.", errbuf); return NULL; } - Error( "Unable to read packet from stream %d: error %d \"%s\".", packet.stream_index, ret, errbuf ); + Error("Unable to read packet from stream %d: error %d \"%s\".", + packet.stream_index, ret, errbuf); return NULL; } dumpPacket(input_format_context->streams[packet.stream_index], &packet, "Received packet"); if ( (stream_id < 0) || (packet.stream_index == stream_id) ) { - Debug(3,"Packet is for our stream (%d)", packet.stream_index ); + Debug(3, "Packet is for our stream (%d)", packet.stream_index); AVCodecContext *context = streams[packet.stream_index].context; -#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - ret = avcodec_send_packet(context, &packet); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to send packet at frame %d: %s, continuing", - streams[packet.stream_index].frame_count, errbuf); - zm_av_packet_unref(&packet); - continue; - } - -#if HAVE_AVUTIL_HWCONTEXT_H - if ( hwaccel ) { - ret = avcodec_receive_frame( context, hwFrame ); - if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to receive frame %d: %s, continuing", streams[packet.stream_index].frame_count, errbuf ); - zm_av_packet_unref( &packet ); - continue; - } - ret = av_hwframe_transfer_data(frame, hwFrame, 0); - if (ret < 0) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to transfer frame at frame %d: %s, continuing", streams[packet.stream_index].frame_count, errbuf ); - zm_av_packet_unref(&packet); - continue; - } - } else { -#endif if ( frame ) { av_frame_free(&frame); frame = zm_av_frame_alloc(); } else { frame = zm_av_frame_alloc(); } - //Debug(1,"Getting frame %d", streams[packet.stream_index].frame_count); - ret = avcodec_receive_frame(context, frame); + ret = zm_receive_frame(context, frame, packet); if ( ret < 0 ) { - av_strerror( ret, errbuf, AV_ERROR_MAX_STRING_SIZE ); - Error( "Unable to send packet at frame %d: %s, continuing", streams[packet.stream_index].frame_count, errbuf ); + av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); + Error("Unable to decode frame at frame %d: %s, continuing", + streams[packet.stream_index].frame_count, errbuf); zm_av_packet_unref( &packet ); av_frame_free(&frame); continue; } -#if HAVE_AVUTIL_HWCONTEXT_H - } -#endif - - frameComplete = 1; -# else - if ( frame ) { - av_frame_free(&frame); - frame = zm_av_frame_alloc(); - } else { - frame = zm_av_frame_alloc(); - } - ret = zm_avcodec_decode_video(context, frame, &frameComplete, &packet); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error( "Unable to decode frame at frame %d: %s, continuing", streams[packet.stream_index].frame_count, errbuf ); - zm_av_packet_unref( &packet ); - av_frame_free(&frame); - continue; - } -#endif - } // end if it's the right stream + frameComplete = 1; + } // end if it's the right stream zm_av_packet_unref(&packet); @@ -206,7 +160,7 @@ AVFrame *FFmpeg_Input::get_frame( int stream_id ) { } // end AVFrame *FFmpeg_Input::get_frame -AVFrame *FFmpeg_Input::get_frame( int stream_id, double at ) { +AVFrame *FFmpeg_Input::get_frame(int stream_id, double at) { Debug(1, "Getting frame from stream %d at %f", stream_id, at); int64_t seek_target = (int64_t)(at * AV_TIME_BASE); @@ -218,9 +172,8 @@ AVFrame *FFmpeg_Input::get_frame( int stream_id, double at ) { if ( !frame ) { // Don't have a frame yet, so get a keyframe before the timestamp - if ( ( ret = av_seek_frame( - input_format_context, stream_id, seek_target, AVSEEK_FLAG_FRAME - ) < 0 ) ) { + ret = av_seek_frame(input_format_context, stream_id, seek_target, AVSEEK_FLAG_FRAME); + if ( ret < 0 ) { Error("Unable to seek in stream"); return NULL; } @@ -246,7 +199,7 @@ AVFrame *FFmpeg_Input::get_frame( int stream_id, double at ) { if ( frame->pts <= seek_target ) { zm_dump_frame(frame, "pts <= seek_target"); while ( frame && (frame->pts < seek_target) ) { - if ( ! get_frame(stream_id) ) + if ( !get_frame(stream_id) ) return frame; } return frame; From 19af25bf1a93b80589593bfcda25f2c41d91164d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:29:46 -0400 Subject: [PATCH 231/360] add DecoderHWAccel fields to Monitors --- db/zm_create.sql.in | 2 ++ db/zm_update-1.33.11.sql | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 db/zm_update-1.33.11.sql diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index ac4f2fbed..f8fb8673b 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -456,6 +456,8 @@ CREATE TABLE `Monitors` ( `Palette` int(10) unsigned NOT NULL default '0', `Orientation` enum('0','90','180','270','hori','vert') NOT NULL default '0', `Deinterlacing` int(10) unsigned NOT NULL default '0', + `DecoderHWAccelName` varchar(64), + `DecoderHWAccelDevice` varchar(255), `SaveJPEGs` TINYINT NOT NULL DEFAULT '3' , `VideoWriter` TINYINT NOT NULL DEFAULT '0', `OutputCodec` enum('h264','mjpeg','mpeg1','mpeg2'), diff --git a/db/zm_update-1.33.11.sql b/db/zm_update-1.33.11.sql new file mode 100644 index 000000000..57b04ce11 --- /dev/null +++ b/db/zm_update-1.33.11.sql @@ -0,0 +1,24 @@ + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Monitors' + AND column_name = 'DecoderHWAccelName' + ) > 0, + "SELECT 'Column DecoderHWAccelName already exists in Monitors'", + "ALTER TABLE Monitors ADD `DecoderHWAccelName` varchar(64) AFTER `Deinterlacing`" + )); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Monitors' + AND column_name = 'DecoderHWAccelDevice' + ) > 0, + "SELECT 'Column DecoderHWAccelDevice already exists in Monitors'", + "ALTER TABLE Monitors ADD `DecoderHWAccelDevice` varchar(255) AFTER `DecoderHWAccelName`" + )); + +PREPARE stmt FROM @s; +EXECUTE stmt; From 6a87d9a8759db2954750c3d13468cd5a09235163 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:32:47 -0400 Subject: [PATCH 232/360] change zm_receive_frame to return AVERROR instead of boolean --- src/zm_ffmpeg.cpp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index b701e79bc..029492f90 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -511,12 +511,13 @@ int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) if ( (ret = avcodec_send_packet(context, &packet)) < 0 ) { Error( "Unable to send packet %s, continuing", av_make_error_string(ret).c_str() ); - return 0; + return ret; } if ( (ret = avcodec_receive_frame(context, frame)) < 0 ) { - Error( "Unable to send packet %s, continuing", av_make_error_string(ret).c_str() ); - return 0; + Error("Unable to send packet %s, continuing", + av_make_error_string(ret).c_str()); + return ret; } # else int frameComplete = 0; @@ -528,11 +529,11 @@ int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) } if ( ret < 0 ) { Error("Unable to decode frame: %s", av_make_error_string(ret).c_str()); - return 0; + return ret; } } // end while !frameComplete #endif - return 1; + return 0; } // end int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) void dumpPacket(AVStream *stream, AVPacket *pkt, const char *text) { From cf7f3e8a884d742aa17e78bf6bec83e72fb0d021 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:33:54 -0400 Subject: [PATCH 233/360] add passing hwaccel name and device. use av_make_error_string(ret).c_str() to reduce code and increase consistency --- src/zm_ffmpeg_camera.cpp | 172 ++++++++++++++++++++++----------------- src/zm_ffmpeg_camera.h | 27 ++++-- 2 files changed, 118 insertions(+), 81 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 36ffc1a2c..fe0211a2e 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -73,7 +73,9 @@ FfmpegCamera::FfmpegCamera( int p_hue, int p_colour, bool p_capture, - bool p_record_audio + bool p_record_audio, + const std::string &p_hwaccel_name, + const std::string &p_hwaccel_device ) : Camera( p_id, @@ -89,9 +91,11 @@ FfmpegCamera::FfmpegCamera( p_capture, p_record_audio ), - mPath( p_path ), - mMethod( p_method ), - mOptions( p_options ) + mPath(p_path), + mMethod(p_method), + mOptions(p_options), + hwaccel_name(p_hwaccel_name), + hwaccel_device(p_hwaccel_device) { if ( capture ) { Initialise(); @@ -177,25 +181,24 @@ int FfmpegCamera::Capture(Image &image) { return -1; } + int ret; // If the reopen thread has a value, but mCanCapture != 0, then we have just reopened the connection to the ffmpeg device, and we can clean up the thread. int frameComplete = false; while ( !frameComplete && !zm_terminate) { - int avResult = av_read_frame(mFormatContext, &packet); - char errbuf[AV_ERROR_MAX_STRING_SIZE]; - if ( avResult < 0 ) { - av_strerror(avResult, errbuf, AV_ERROR_MAX_STRING_SIZE); + ret = av_read_frame(mFormatContext, &packet); + if ( ret < 0 ) { if ( // Check if EOF. - (avResult == AVERROR_EOF || (mFormatContext->pb && mFormatContext->pb->eof_reached)) || + (ret == AVERROR_EOF || (mFormatContext->pb && mFormatContext->pb->eof_reached)) || // Check for Connection failure. - (avResult == -110) + (ret == -110) ) { Info("Unable to read packet from stream %d: error %d \"%s\".", - packet.stream_index, avResult, errbuf); + packet.stream_index, ret, av_make_error_string(ret).c_str()); } else { Error("Unable to read packet from stream %d: error %d \"%s\".", - packet.stream_index, avResult, errbuf); + packet.stream_index, ret, av_make_error_string(ret).c_str()); } return -1; } @@ -209,11 +212,10 @@ int FfmpegCamera::Capture(Image &image) { packet.stream_index, packet.pts, packet.dts); // What about audio stream? Maybe someday we could do sound detection... if ( ( packet.stream_index == mVideoStreamId ) && ( keyframe || have_video_keyframe ) ) { - int ret; ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to get frame at frame %d: %s, continuing", frameCount, errbuf); + Error("Unable to get frame at frame %d: %s, continuing", + frameCount, av_make_error_string(ret).c_str()); zm_av_packet_unref(&packet); continue; } @@ -249,7 +251,7 @@ int FfmpegCamera::OpenFfmpeg() { // Open the input, not necessarily a file #if !LIBAVFORMAT_VERSION_CHECK(53, 2, 0, 4, 0) - if ( av_open_input_file( &mFormatContext, mPath.c_str(), NULL, 0, NULL ) != 0 ) + if ( av_open_input_file(&mFormatContext, mPath.c_str(), NULL, 0, NULL) != 0 ) #else // Handle options AVDictionary *opts = 0; @@ -274,7 +276,7 @@ int FfmpegCamera::OpenFfmpeg() { //#av_dict_set(&opts, "timeout", "10000000", 0); // in microseconds. if ( ret < 0 ) { - Warning("Could not set rtsp_transport method '%s'\n", method.c_str()); + Warning("Could not set rtsp_transport method '%s'", method.c_str()); } Debug(1, "Calling avformat_open_input for %s", mPath.c_str()); @@ -287,10 +289,11 @@ int FfmpegCamera::OpenFfmpeg() { mFormatContext->interrupt_callback.callback = FfmpegInterruptCallback; mFormatContext->interrupt_callback.opaque = this; - if ( avformat_open_input(&mFormatContext, mPath.c_str(), NULL, &opts) != 0 ) + ret = avformat_open_input(&mFormatContext, mPath.c_str(), NULL, &opts); + if ( ret != 0 ) #endif { - Error("Unable to open input %s due to: %s", mPath.c_str(), strerror(errno)); + Error("Unable to open input %s due to: %s", mPath.c_str(), strerror(ret)); #if !LIBAVFORMAT_VERSION_CHECK(53, 17, 0, 25, 0) av_close_input_file(mFormatContext); #else @@ -423,45 +426,47 @@ int FfmpegCamera::OpenFfmpeg() { Debug(1, "Video Found decoder %s", mVideoCodec->name); zm_dump_stream_format(mFormatContext, mVideoStreamId, 0, 0); - enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; - while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) - Debug(1, "%s", av_hwdevice_get_type_name(type)); + if ( hwaccel_name != "" ) { + enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; + while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) + Debug(1, "%s", av_hwdevice_get_type_name(type)); - const char *hw_name = "vaapi"; - type = av_hwdevice_find_type_by_name(hw_name); - if ( type == AV_HWDEVICE_TYPE_NONE ) { - Debug(1,"Device type %s is not supported.", hw_name); - } else { - Debug(1, "Found hwdevice %s", av_hwdevice_get_type_name(type)); - } + const char *hw_name = hwaccel_name.c_str(); + type = av_hwdevice_find_type_by_name(hw_name); + if ( type == AV_HWDEVICE_TYPE_NONE ) { + Debug(1, "Device type %s is not supported.", hw_name); + } else { + Debug(1, "Found hwdevice %s", av_hwdevice_get_type_name(type)); + } - // Get h_pix_fmt - for ( int i = 0;; i++ ) { - const AVCodecHWConfig *config = avcodec_get_hw_config(mVideoCodec, i); - if ( !config ) { - Debug(1, "Decoder %s does not support device type %s.", - mVideoCodec->name, av_hwdevice_get_type_name(type)); + // Get h_pix_fmt + for ( int i = 0;; i++ ) { + const AVCodecHWConfig *config = avcodec_get_hw_config(mVideoCodec, i); + if ( !config ) { + Debug(1, "Decoder %s does not support device type %s.", + mVideoCodec->name, av_hwdevice_get_type_name(type)); + return -1; + } + if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX ) + && (config->device_type == type) + ) { + hw_pix_fmt = config->pix_fmt; + break; + } + } // end foreach hwconfig + + mVideoCodecContext->get_format = get_hw_format; + + Debug(1, "Creating hwdevice"); + if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, NULL, NULL, 0)) < 0) { + Error("Failed to create specified HW device."); return -1; } - if ( (config->methods & AV_CODEC_HW_CONFIG_METHOD_HW_DEVICE_CTX ) - && (config->device_type == type) - ) { - hw_pix_fmt = config->pix_fmt; - break; - } - } // end foreach hwconfig - - mVideoCodecContext->get_format = get_hw_format; - - Debug(1, "Creating hwdevice"); - if ((ret = av_hwdevice_ctx_create(&hw_device_ctx, type, NULL, NULL, 0)) < 0) { - Error("Failed to create specified HW device."); - return -1; - } - Debug(1, "Created hwdevice"); - mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); - hwaccel = true; - hwFrame = zm_av_frame_alloc(); + Debug(1, "Created hwdevice"); + mVideoCodecContext->hw_device_ctx = av_buffer_ref(hw_device_ctx); + hwaccel = true; + hwFrame = zm_av_frame_alloc(); + } // end if hwacel_name // Open the codec #if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0) @@ -551,16 +556,27 @@ int FfmpegCamera::OpenFfmpeg() { #if HAVE_LIBSWSCALE Debug(1, "Calling sws_isSupportedInput"); if ( !sws_isSupportedInput(mVideoCodecContext->pix_fmt) ) { - Error("swscale does not support the codec format: %c%c%c%c", (mVideoCodecContext->pix_fmt)&0xff, ((mVideoCodecContext->pix_fmt >> 8)&0xff), ((mVideoCodecContext->pix_fmt >> 16)&0xff), ((mVideoCodecContext->pix_fmt >> 24)&0xff)); + Error("swscale does not support the codec format: %c%c%c%c", + (mVideoCodecContext->pix_fmt)&0xff, + ((mVideoCodecContext->pix_fmt >> 8)&0xff), + ((mVideoCodecContext->pix_fmt >> 16)&0xff), + ((mVideoCodecContext->pix_fmt >> 24)&0xff) + ); return -1; } if ( !sws_isSupportedOutput(imagePixFormat) ) { - Error("swscale does not support the target format: %c%c%c%c",(imagePixFormat)&0xff,((imagePixFormat>>8)&0xff),((imagePixFormat>>16)&0xff),((imagePixFormat>>24)&0xff)); + Error("swscale does not support the target format: %c%c%c%c", + (imagePixFormat)&0xff, + ((imagePixFormat>>8)&0xff), + ((imagePixFormat>>16)&0xff), + ((imagePixFormat>>24)&0xff) + ); return -1; } # if 0 + // Have to get a frame first to find out the actual format returned by decoding mConvertContext = sws_getContext( mVideoCodecContext->width, mVideoCodecContext->height, @@ -577,8 +593,14 @@ int FfmpegCamera::OpenFfmpeg() { Fatal( "You must compile ffmpeg with the --enable-swscale option to use ffmpeg cameras" ); #endif // HAVE_LIBSWSCALE - if ( (unsigned int)mVideoCodecContext->width != width || (unsigned int)mVideoCodecContext->height != height ) { - Warning( "Monitor dimensions are %dx%d but camera is sending %dx%d", width, height, mVideoCodecContext->width, mVideoCodecContext->height ); + if ( + ((unsigned int)mVideoCodecContext->width != width) + || + ((unsigned int)mVideoCodecContext->height != height) + ) { + Warning("Monitor dimensions are %dx%d but camera is sending %dx%d", + width, height, mVideoCodecContext->width, mVideoCodecContext->height + ); } mCanCapture = true; @@ -593,17 +615,17 @@ int FfmpegCamera::Close() { mCanCapture = false; if ( mFrame ) { - av_frame_free( &mFrame ); + av_frame_free(&mFrame); mFrame = NULL; } if ( mRawFrame ) { - av_frame_free( &mRawFrame ); + av_frame_free(&mRawFrame); mRawFrame = NULL; } #if HAVE_LIBSWSCALE if ( mConvertContext ) { - sws_freeContext( mConvertContext ); + sws_freeContext(mConvertContext); mConvertContext = NULL; } #endif @@ -631,9 +653,9 @@ int FfmpegCamera::Close() { if ( mFormatContext ) { #if !LIBAVFORMAT_VERSION_CHECK(53, 17, 0, 25, 0) - av_close_input_file( mFormatContext ); + av_close_input_file(mFormatContext); #else - avformat_close_input( &mFormatContext ); + avformat_close_input(&mFormatContext); #endif mFormatContext = NULL; } @@ -652,7 +674,6 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event return -1; } int ret; - static char errbuf[AV_ERROR_MAX_STRING_SIZE]; int frameComplete = false; while ( !frameComplete ) { @@ -660,16 +681,17 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ret = av_read_frame(mFormatContext, &packet); if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); if ( // Check if EOF. (ret == AVERROR_EOF || (mFormatContext->pb && mFormatContext->pb->eof_reached)) || // Check for Connection failure. (ret == -110) ) { - Info("Unable to read packet from stream %d: error %d \"%s\".", packet.stream_index, ret, errbuf); + Info("Unable to read packet from stream %d: error %d \"%s\".", + packet.stream_index, ret, av_make_error_string(ret).c_str()); } else { - Error("Unable to read packet from stream %d: error %d \"%s\".", packet.stream_index, ret, errbuf); + Error("Unable to read packet from stream %d: error %d \"%s\".", + packet.stream_index, ret, av_make_error_string(ret).c_str()); } return -1; } @@ -771,7 +793,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event ZMPacket *queued_packet; // Clear all packets that predate the moment when the recording began - packetqueue->clear_unwanted_packets( &recording, mVideoStreamId ); + packetqueue->clear_unwanted_packets(&recording, mVideoStreamId); while ( ( queued_packet = packetqueue->popPacket() ) ) { AVPacket *avp = queued_packet->av_packet(); @@ -781,10 +803,10 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event Debug(2, "Writing queued packet stream: %d KEY %d, remaining (%d)", avp->stream_index, avp->flags & AV_PKT_FLAG_KEY, packetqueue->size()); if ( avp->stream_index == mVideoStreamId ) { - ret = videoStore->writeVideoFramePacket( avp ); + ret = videoStore->writeVideoFramePacket(avp); have_video_keyframe = true; } else if ( avp->stream_index == mAudioStreamId ) { - ret = videoStore->writeAudioFramePacket( avp ); + ret = videoStore->writeAudioFramePacket(avp); } else { Warning("Unknown stream id in queued packet (%d)", avp->stream_index); ret = -1; @@ -855,11 +877,9 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event Debug(4, "about to decode video"); ret = zm_receive_frame(mVideoCodecContext, mRawFrame, packet); - if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); Warning("Unable to receive frame %d: %s, continuing. error count is %s", - frameCount, errbuf, error_count); + frameCount, av_make_error_string(ret).c_str(), error_count); error_count += 1; if ( error_count > 100 ) { Error("Error count over 100, going to close and re-open stream"); @@ -875,8 +895,8 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event /* retrieve data from GPU to CPU */ ret = av_hwframe_transfer_data(hwFrame, mRawFrame, 0); if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); - Error("Unable to transfer frame at frame %d: %s, continuing", frameCount, errbuf); + Error("Unable to transfer frame at frame %d: %s, continuing", + frameCount, av_make_error_string(ret).c_str()); zm_av_packet_unref(&packet); continue; } @@ -908,7 +928,7 @@ int FfmpegCamera::CaptureAndRecord( Image &image, timeval recording, char* event mAudioStreamId, packet.stream_index); //Write the packet to our video store //FIXME no relevance of last key frame - int ret = videoStore->writeAudioFramePacket( &packet ); + int ret = videoStore->writeAudioFramePacket(&packet); if ( ret < 0 ) {//Less than zero and we skipped a frame Warning("Failure to write audio packet."); zm_av_packet_unref(&packet); diff --git a/src/zm_ffmpeg_camera.h b/src/zm_ffmpeg_camera.h index 9f7fbb3ae..210a67f45 100644 --- a/src/zm_ffmpeg_camera.h +++ b/src/zm_ffmpeg_camera.h @@ -41,6 +41,8 @@ class FfmpegCamera : public Camera { std::string mPath; std::string mMethod; std::string mOptions; + std::string hwaccel_name; + std::string hwaccel_device; int frameCount; @@ -86,17 +88,32 @@ class FfmpegCamera : public Camera { int error_count; public: - FfmpegCamera( int p_id, const std::string &path, const std::string &p_method, const std::string &p_options, int p_width, int p_height, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture, bool p_record_audio ); + FfmpegCamera( + int p_id, + const std::string &path, + const std::string &p_method, + const std::string &p_options, + int p_width, + int p_height, + int p_colours, + int p_brightness, + int p_contrast, + int p_hue, + int p_colour, + bool p_capture, + bool p_record_audio, + const std::string &p_hwaccel_name, + const std::string &p_hwaccel_device + ); ~FfmpegCamera(); - const std::string &Path() const { return( mPath ); } - const std::string &Options() const { return( mOptions ); } - const std::string &Method() const { return( mMethod ); } + const std::string &Path() const { return mPath; } + const std::string &Options() const { return mOptions; } + const std::string &Method() const { return mMethod; } void Initialise(); void Terminate(); - int PrimeCapture(); int PreCapture(); int Capture( Image &image ); From d0abd164942cd62b5d137250a1e3c9c26bed4180 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:34:01 -0400 Subject: [PATCH 234/360] add passing hwaccel name and device. use av_make_error_string(ret).c_str() to reduce code and increase consistency --- src/zm_ffmpeg_input.cpp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/src/zm_ffmpeg_input.cpp b/src/zm_ffmpeg_input.cpp index 3c888fa6f..5cca6b35b 100644 --- a/src/zm_ffmpeg_input.cpp +++ b/src/zm_ffmpeg_input.cpp @@ -108,23 +108,21 @@ AVFrame *FFmpeg_Input::get_frame(int stream_id) { int frameComplete = false; AVPacket packet; av_init_packet(&packet); - char errbuf[AV_ERROR_MAX_STRING_SIZE]; while ( !frameComplete ) { int ret = av_read_frame(input_format_context, &packet); if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); if ( // Check if EOF. (ret == AVERROR_EOF || (input_format_context->pb && input_format_context->pb->eof_reached)) || // Check for Connection failure. (ret == -110) ) { - Info("av_read_frame returned %s.", errbuf); + Info("av_read_frame returned %s.", av_make_error_string(ret).c_str()); return NULL; } Error("Unable to read packet from stream %d: error %d \"%s\".", - packet.stream_index, ret, errbuf); + packet.stream_index, ret, av_make_error_string(ret).c_str()); return NULL; } dumpPacket(input_format_context->streams[packet.stream_index], &packet, "Received packet"); @@ -142,10 +140,9 @@ AVFrame *FFmpeg_Input::get_frame(int stream_id) { } ret = zm_receive_frame(context, frame, packet); if ( ret < 0 ) { - av_strerror(ret, errbuf, AV_ERROR_MAX_STRING_SIZE); Error("Unable to decode frame at frame %d: %s, continuing", - streams[packet.stream_index].frame_count, errbuf); - zm_av_packet_unref( &packet ); + streams[packet.stream_index].frame_count, av_make_error_string(ret).c_str()); + zm_av_packet_unref(&packet); av_frame_free(&frame); continue; } From 434bbce954904feca0dc754370db78e472798ce3 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:34:17 -0400 Subject: [PATCH 235/360] Add loading decoder_hwaccel in Monitor --- src/zm_monitor.cpp | 20 ++++++++++++++++---- src/zm_monitor.h | 4 ++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index d282f0e2d..76b7e9a34 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -71,7 +71,8 @@ std::string load_monitor_sql = "SELECT Id, Name, ServerId, StorageId, Type, Function+0, Enabled, LinkedMonitors, " "AnalysisFPSLimit, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS," "Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, " // V4L Settings -"Protocol, Method, Options, User, Pass, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, " +"Protocol, Method, Options, User, Pass, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, " +"DecoderHWAccelName, DecoderHWAccelDevice, RTSPDescribe, " "SaveJPEGs, VideoWriter, EncoderParameters, " //" OutputCodec, Encoder, OutputContainer, " "RecordAudio, " @@ -281,6 +282,8 @@ Monitor::Monitor( Camera *p_camera, int p_orientation, unsigned int p_deinterlacing, + const std::string &p_decoder_hwaccel_name, + const std::string &p_decoder_hwaccel_device, int p_savejpegs, VideoWriter p_videowriter, std::string p_encoderparams, @@ -322,6 +325,8 @@ Monitor::Monitor( height( (p_orientation==ROTATE_90||p_orientation==ROTATE_270)?p_camera->Width():p_camera->Height() ), orientation( (Orientation)p_orientation ), deinterlacing( p_deinterlacing ), + decoder_hwaccel_name(p_decoder_hwaccel_name), + decoder_hwaccel_device(p_decoder_hwaccel_device), savejpegs( p_savejpegs ), videowriter( p_videowriter ), encoderparams( p_encoderparams ), @@ -361,7 +366,7 @@ Monitor::Monitor( privacy_bitmask( NULL ), event_delete_thread(NULL) { - strncpy( name, p_name, sizeof(name)-1 ); + strncpy(name, p_name, sizeof(name)-1); strncpy(event_prefix, p_event_prefix, sizeof(event_prefix)-1); strncpy(label_format, p_label_format, sizeof(label_format)-1); @@ -2087,6 +2092,9 @@ Monitor *Monitor::Load(MYSQL_ROW dbrow, bool load_zones, Purpose purpose) { int palette = atoi(dbrow[col]); col++; Orientation orientation = (Orientation)atoi(dbrow[col]); col++; int deinterlacing = atoi(dbrow[col]); col++; + std::string decoder_hwaccel_name = dbrow[col] ? dbrow[col] : ""; col++; + std::string decoder_hwaccel_device = dbrow[col] ? dbrow[col] : ""; col++; + bool rtsp_describe = (dbrow[col] && *dbrow[col] != '0'); col++; int savejpegs = atoi(dbrow[col]); col++; @@ -2223,8 +2231,10 @@ Monitor *Monitor::Load(MYSQL_ROW dbrow, bool load_zones, Purpose purpose) { hue, colour, purpose==CAPTURE, - record_audio - ); + record_audio, + decoder_hwaccel_name, + decoder_hwaccel_device + ); #endif // HAVE_LIBAVFORMAT } else if ( type == "NVSocket" ) { camera = new RemoteCameraNVSocket( @@ -2297,6 +2307,8 @@ Monitor *Monitor::Load(MYSQL_ROW dbrow, bool load_zones, Purpose purpose) { camera, orientation, deinterlacing, + decoder_hwaccel_name, + decoder_hwaccel_device, savejpegs, videowriter, encoderparams, diff --git a/src/zm_monitor.h b/src/zm_monitor.h index c7e406f89..37efec69a 100644 --- a/src/zm_monitor.h +++ b/src/zm_monitor.h @@ -250,6 +250,8 @@ protected: Orientation orientation; // Whether the image has to be rotated at all unsigned int deinterlacing; bool videoRecording; + std::string decoder_hwaccel_name; + std::string decoder_hwaccel_device; int savejpegs; VideoWriter videowriter; @@ -368,6 +370,8 @@ public: Camera *p_camera, int p_orientation, unsigned int p_deinterlacing, + const std::string &p_decoder_hwaccel_name, + const std::string &p_decoder_hwaccel_device, int p_savejpegs, VideoWriter p_videowriter, std::string p_encoderparams, From 86c4051c44712c6b34bb6669c5f1327fba0569b4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:34:36 -0400 Subject: [PATCH 236/360] handle zm_receive_frame returning AVERROR instead of boolean --- src/zm_videostore.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 1482884ab..5e07aecc9 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -1000,7 +1000,7 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { if ( audio_out_codec ) { Debug(2, "Have output codec"); - if ( ! zm_receive_frame(audio_in_ctx, in_frame, *ipkt) ) { + if ( ( ret = zm_receive_frame(audio_in_ctx, in_frame, *ipkt) ) < 0 ) { return 0; } From a28f17653f7b81d01a6336aa17acde1c1901cb0e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Jun 2019 15:34:45 -0400 Subject: [PATCH 237/360] Add DecoderHWAccel fields to Monitor --- web/includes/Monitor.php | 2 ++ web/skins/classic/views/monitor.php | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/web/includes/Monitor.php b/web/includes/Monitor.php index 6e685508c..75c432c09 100644 --- a/web/includes/Monitor.php +++ b/web/includes/Monitor.php @@ -38,6 +38,8 @@ private $defaults = array( 'Palette' => '0', 'Orientation' => null, 'Deinterlacing' => 0, + 'DecoderHWAccelName' => null, + 'DecoderHWAccelDevice' => null, 'SaveJPEGs' => 3, 'VideoWriter' => '0', 'OutputCodec' => null, diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 1cedd8071..d13c6606b 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -895,6 +895,22 @@ include('_monitor_source_nvsocket.php');  (Type()), 'zmOptionHelp', 'optionhelp', '?' ) ?>)
+ () +
+ () +
Length() ) ?>Id(), 'zmFrames', 'frames', $event->Frames() ) ?>Id(), 'zmFrames', 'frames', $event->AlarmFrames() ) ?>Id(), 'zmFrames', + ( ZM_WEB_LIST_THUMBS ? array('frames', ZM_WEB_LIST_THUMB_WIDTH, ZM_WEB_LIST_THUMB_HEIGHT) : 'frames'), + $event->Frames() ) ?>Id(), 'zmFrames', + ( ZM_WEB_LIST_THUMBS ? array('frames', ZM_WEB_LIST_THUMB_WIDTH, ZM_WEB_LIST_THUMB_HEIGHT) : 'frames'), + $event->AlarmFrames() ) ?> TotScore() ?> AvgScore() ?> Date: Thu, 4 Jul 2019 09:04:43 -0400 Subject: [PATCH 263/360] google code style --- web/skins/classic/js/skin.js | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/web/skins/classic/js/skin.js b/web/skins/classic/js/skin.js index a14c63bfc..d39062087 100644 --- a/web/skins/classic/js/skin.js +++ b/web/skins/classic/js/skin.js @@ -51,51 +51,51 @@ function newWindow( url, name, width, height ) { function getPopupSize( tag, width, height ) { if ( typeof popupSizes == 'undefined' ) { - Error( "Can't find any window sizes" ); - return ( {'width': 0, 'height': 0} ); + Error("Can't find any window sizes"); + return {'width': 0, 'height': 0}; } - var popupSize = Object.clone( popupSizes[tag] ); + var popupSize = Object.clone(popupSizes[tag]); if ( !popupSize ) { - Error( "Can't find window size for tag '"+tag+"'" ); - return ( {'width': 0, 'height': 0} ); + Error("Can't find window size for tag '"+tag+"'"); + return {'width': 0, 'height': 0}; } if ( popupSize.width && popupSize.height ) { if ( width || height ) { - Warning( "Ignoring passed dimensions "+width+"x"+height+" when getting popup size for tag '"+tag+"'" ); + Warning("Ignoring passed dimensions "+width+"x"+height+" when getting popup size for tag '"+tag+"'"); } - return ( popupSize ); + return popupSize; } if ( popupSize.addWidth ) { popupSize.width = popupSize.addWidth; if ( !width ) { - Error( "Got addWidth but no passed width when getting popup size for tag '"+tag+"'" ); + Error("Got addWidth but no passed width when getting popup size for tag '"+tag+"'"); } else { popupSize.width += parseInt(width); } } else if ( width ) { popupSize.width = width; - Error( "Got passed width but no addWidth when getting popup size for tag '"+tag+"'" ); + Error("Got passed width but no addWidth when getting popup size for tag '"+tag+"'"); } if ( popupSize.minWidth && popupSize.width < popupSize.minWidth ) { - Warning( "Adjusting to minimum width when getting popup size for tag '"+tag+"'" ); + Warning("Adjusting to minimum width when getting popup size for tag '"+tag+"'"); popupSize.width = popupSize.minWidth; } if ( popupSize.addHeight ) { popupSize.height = popupSize.addHeight; if ( !height ) { - Error( "Got addHeight but no passed height when getting popup size for tag '"+tag+"'" ); + Error("Got addHeight but no passed height when getting popup size for tag '"+tag+"'"); } else { popupSize.height += parseInt(height); } } else if ( height ) { popupSize.height = height; - Error( "Got passed height but no addHeight when getting popup size for tag '"+tag+"'" ); + Error("Got passed height but no addHeight when getting popup size for tag '"+tag+"'"); } if ( popupSize.minHeight && ( popupSize.height < popupSize.minHeight ) ) { - Warning( "Adjusting to minimum height ("+popupSize.minHeight+") when getting popup size for tag '"+tag+"' because calculated height is " + popupSize.height ); + Warning("Adjusting to minimum height ("+popupSize.minHeight+") when getting popup size for tag '"+tag+"' because calculated height is " + popupSize.height); popupSize.height = popupSize.minHeight; } - return ( popupSize ); + return popupSize; } function zmWindow() { From aa817adbeda64c497ab59b595860bb459d3ad82b Mon Sep 17 00:00:00 2001 From: bluikko <14869000+bluikko@users.noreply.github.com> Date: Sun, 7 Jul 2019 19:26:06 +0700 Subject: [PATCH 264/360] Add primary keys to Logs and Stats tables (#2653) * Add primary keys to Logs and Stats tables Adds an auto_increment int(10) Id as PRIMARY KEY to Logs and Stats tables. Closes ZoneMinder#2550 and makes ZoneMinder compatible with Galera writeset replication for InnoDB (Galera Cluster, Percona XtraDB Cluster). * Do ALTER TABLE only if columns do not exist * Add forgotten prepare/execute --- db/zm_create.sql.in | 4 ++++ db/zm_update-1.33.12.sql | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 db/zm_update-1.33.12.sql diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index f8fb8673b..261a4368c 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -351,6 +351,7 @@ CREATE INDEX `Groups_Monitors_MonitorId_idx` ON `Groups_Monitors` (`MonitorId`); DROP TABLE IF EXISTS `Logs`; CREATE TABLE `Logs` ( + `Id` int(10) unsigned NOT NULL AUTO_INCREMENT, `TimeKey` decimal(16,6) NOT NULL, `Component` varchar(32) NOT NULL, `ServerId` int(10) unsigned, @@ -360,6 +361,7 @@ CREATE TABLE `Logs` ( `Message` text NOT NULL, `File` varchar(255) DEFAULT NULL, `Line` smallint(5) unsigned DEFAULT NULL, + PRIMARY KEY (`Id`), KEY `TimeKey` (`TimeKey`) ) ENGINE=@ZM_MYSQL_ENGINE@; @@ -589,6 +591,7 @@ CREATE INDEX `Servers_Name_idx` ON `Servers` (`Name`); DROP TABLE IF EXISTS `Stats`; CREATE TABLE `Stats` ( + `Id` int(10) unsigned NOT NULL AUTO_INCREMENT, `MonitorId` int(10) unsigned NOT NULL default '0', `ZoneId` int(10) unsigned NOT NULL default '0', `EventId` BIGINT UNSIGNED NOT NULL, @@ -605,6 +608,7 @@ CREATE TABLE `Stats` ( `MinY` smallint(5) unsigned NOT NULL default '0', `MaxY` smallint(5) unsigned NOT NULL default '0', `Score` smallint(5) unsigned NOT NULL default '0', + PRIMARY KEY (`Id`), KEY `EventId` (`EventId`), KEY `MonitorId` (`MonitorId`), KEY `ZoneId` (`ZoneId`) diff --git a/db/zm_update-1.33.12.sql b/db/zm_update-1.33.12.sql new file mode 100644 index 000000000..8188ad841 --- /dev/null +++ b/db/zm_update-1.33.12.sql @@ -0,0 +1,27 @@ +-- +-- Add primary keys for Logs and Stats tables +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Logs' + AND column_name = 'Id' + ) > 0, +"SELECT 'Column Id already exists in Logs'", +"ALTER TABLE `Logs` ADD COLUMN `Id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`Id`)" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Stats' + AND column_name = 'Id' + ) > 0, +"SELECT 'Column Id already exists in Stats'", +"ALTER TABLE `Stats` ADD COLUMN `Id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`Id`)" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; From 8c735856f80ca38d83584c803814951275e8fe36 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sun, 7 Jul 2019 07:32:12 -0500 Subject: [PATCH 265/360] bump version required by #2653 --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index ca7a1ec9c..325da8275 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.11 +1.33.12 From 255f606ebf77f6885d420cdc80a04c8409e37ec4 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sun, 7 Jul 2019 07:33:50 -0500 Subject: [PATCH 266/360] bump rpm specfile --- distros/redhat/zoneminder.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index c8413d6a0..d064c3b94 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -23,7 +23,7 @@ %global _hardened_build 1 Name: zoneminder -Version: 1.33.9 +Version: 1.33.12 Release: 1%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons @@ -411,6 +411,9 @@ EOF %dir %attr(755,nginx,nginx) %{_localstatedir}/spool/zoneminder-upload %changelog +* Sun Jul 07 2019 Andrew Bauer - 1.33.12-1 +- Bump to 1.33.12 Development + * Sun Jun 23 2019 Andrew Bauer - 1.33.9-1 - Bump to 1.33.9 Development From 0f35d86efbdec059eda5ccb1f1b12c59cb51af72 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 08:56:39 -0400 Subject: [PATCH 267/360] implement zm_send_frame which sends a frame and receives a packet --- src/zm_ffmpeg.cpp | 39 +++++++++++++++++++++++++++++++++++++++ src/zm_ffmpeg.h | 4 +++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 139ab5838..4ee6e6707 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -539,6 +539,45 @@ int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) return 0; } // end int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet) +int zm_send_frame(AVCodecContext *ctx, AVFrame *frame, AVPacket &packet) { + int ret; + #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) + if ( (ret = avcodec_send_frame(ctx, frame)) < 0 ) { + Error("Could not send frame (error '%s')", + av_make_error_string(ret).c_str()); + zm_av_packet_unref(&packet); + return 0; + } + + if ( (ret = avcodec_receive_packet(ctx, &packet)) < 0 ) { + if ( AVERROR(EAGAIN) == ret ) { + // The codec may need more samples than it has, perfectly valid + Debug(2, "Codec not ready to give us a packet"); + } else { + Error("Could not recieve packet (error %d = '%s')", ret, + av_make_error_string(ret).c_str()); + } + zm_av_packet_unref(&packet); + return 0; + } + #else + int data_present; + if ( (ret = avcodec_encode_audio2( + ctx, &packet, frame, &data_present)) < 0 ) { + Error("Could not encode frame (error '%s')", + av_make_error_string(ret).c_str()); + zm_av_packet_unref(&packet); + return 0; + } + if ( !data_present ) { + Debug(2, "Not ready to out a frame yet."); + zm_av_packet_unref(&packet); + return 0; + } + #endif + return 1; +} // wend zm_send_frame + void dumpPacket(AVStream *stream, AVPacket *pkt, const char *text) { char b[10240]; diff --git a/src/zm_ffmpeg.h b/src/zm_ffmpeg.h index e3b8314f8..18e018e26 100644 --- a/src/zm_ffmpeg.h +++ b/src/zm_ffmpeg.h @@ -332,7 +332,9 @@ bool is_audio_stream(AVStream *); bool is_video_context(AVCodec *); bool is_audio_context(AVCodec *); -int zm_receive_frame( AVCodecContext *context, AVFrame *frame, AVPacket &packet ); +int zm_receive_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet); +int zm_send_frame(AVCodecContext *context, AVFrame *frame, AVPacket &packet); + void dumpPacket(AVStream *, AVPacket *,const char *text=""); void dumpPacket(AVPacket *,const char *text=""); #endif // ZM_FFMPEG_H From 94cc85aa36908d42f2cd2faa7038cf0a5fda4819 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 08:57:22 -0400 Subject: [PATCH 268/360] Sorta fix pts on encoded audio packets. Sync is off, but at least it is close --- src/zm_ffmpeg_camera.cpp | 4 +- src/zm_videostore.cpp | 110 ++++++++++++++++++--------------------- 2 files changed, 54 insertions(+), 60 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 0eac0e49d..b96142aab 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -466,8 +466,8 @@ int FfmpegCamera::OpenFfmpeg() { } else { Debug(1, "decoder %s hwConfig doesn't match our type: %s, pix_fmt %s.", mVideoCodec->name, - av_hwdevice_get_type_name(config-device_type), - av_get_pix_fmt_name(config->pix_fmt); + av_hwdevice_get_type_name(config->device_type), + av_get_pix_fmt_name(config->pix_fmt) ); } } // end foreach hwconfig diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index bd4f47a2f..5ffec165b 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -1030,13 +1030,15 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } zm_dump_frame(out_frame, "Out frame after resample"); +#if 0 // out_frame pts is in the input pkt pts... needs to be adjusted before sending to the encoder if ( out_frame->pts != AV_NOPTS_VALUE ) { if ( !audio_first_pts ) { audio_first_pts = out_frame->pts; - Debug(1, "No video_first_pts setting to %" PRId64, audio_first_pts); + Debug(1, "No audio_first_pts setting to %" PRId64, audio_first_pts); out_frame->pts = 0; } else { + // out_frame_pts is in codec->timebase, audio_first_pts is in packet timebase. out_frame->pts = out_frame->pts - audio_first_pts; zm_dump_frame(out_frame, "Out frame after pts adjustment"); } @@ -1046,55 +1048,55 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { out_frame->pts = audio_next_pts; } audio_next_pts = out_frame->pts + out_frame->nb_samples; +#endif av_init_packet(&opkt); - #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) - if ( (ret = avcodec_send_frame(audio_out_ctx, out_frame)) < 0 ) { - Error("Could not send frame (error '%s')", - av_make_error_string(ret).c_str()); - zm_av_packet_unref(&opkt); + if ( !zm_send_frame(audio_out_ctx, out_frame, opkt) ) { return 0; } - if ( (ret = avcodec_receive_packet(audio_out_ctx, &opkt)) < 0 ) { - if ( AVERROR(EAGAIN) == ret ) { - // The codec may need more samples than it has, perfectly valid - Debug(2, "Codec not ready to give us a packet"); - } else { - Error("Could not recieve packet (error %d = '%s')", ret, - av_make_error_string(ret).c_str()); - } - zm_av_packet_unref(&opkt); - return 0; - } - #else - int data_present; - if ( (ret = avcodec_encode_audio2( - audio_out_ctx, &opkt, out_frame, &data_present)) < 0 ) { - Error("Could not encode frame (error '%s')", - av_make_error_string(ret).c_str()); - zm_av_packet_unref(&opkt); - return 0; - } - if ( !data_present ) { - Debug(2, "Not ready to out a frame yet."); - zm_av_packet_unref(&opkt); - return 0; - } - #endif -#if 0 - // These should be set by encoder. They may not directly relate to ipkt due to buffering in codec. - opkt.duration = av_rescale_q(opkt.duration, - audio_in_stream->time_base, - audio_out_stream->time_base); - opkt.pts = av_rescale_q(opkt.pts, - audio_in_stream->time_base, - audio_out_stream->time_base); - opkt.dts = av_rescale_q(opkt.dts, - audio_in_stream->time_base, - audio_out_stream->time_base); -#endif dumpPacket(audio_out_stream, &opkt, "raw opkt"); + opkt.duration = av_rescale_q( + opkt.duration, + audio_out_ctx->time_base, + audio_out_stream->time_base); + // Scale the PTS of the outgoing packet to be the correct time base + if ( ipkt->pts != AV_NOPTS_VALUE ) { + if ( !audio_first_pts ) { + opkt.pts = 0; + audio_first_pts = ipkt->pts; + Debug(1, "No audio_first_pts"); + } else { + opkt.pts = av_rescale_q( + opkt.pts, + audio_out_ctx->time_base, + audio_out_stream->time_base); + opkt.pts -= audio_first_pts; + Debug(2, "audio opkt.pts = %" PRId64 " from ipkt->pts(%" PRId64 ") - first_pts(%" PRId64 ")", + opkt.pts, ipkt->pts, audio_first_pts); + } + } else { + Debug(2, "opkt.pts = undef"); + opkt.pts = AV_NOPTS_VALUE; + } + + if ( opkt.dts != AV_NOPTS_VALUE ) { + if ( !audio_first_dts ) { + opkt.dts = 0; + audio_first_dts = opkt.dts; + } else { + opkt.dts = av_rescale_q( + opkt.dts, + audio_out_ctx->time_base, + audio_out_stream->time_base); + opkt.dts -= audio_first_dts; + Debug(2, "opkt.dts = %" PRId64 " from ipkt.dts(%" PRId64 ") - first_dts(%" PRId64 ")", + opkt.dts, ipkt->dts, audio_first_dts); + } + audio_last_dts = opkt.dts; + } else { + opkt.dts = AV_NOPTS_VALUE; + } } else { Debug(2,"copying"); @@ -1128,16 +1130,6 @@ int VideoStore::writeAudioFramePacket(AVPacket *ipkt) { } if ( ipkt->dts != AV_NOPTS_VALUE ) { - // So if the in has no dts assigned... still need an out dts... so we use cur_dts? - -#if 0 - if ( audio_last_dts >= audio_in_stream->cur_dts ) { - Debug(1, "Resetting audio_last_dts from (%d) to cur_dts (%d)", audio_last_dts, audio_in_stream->cur_dts); - opkt.dts = audio_next_dts + av_rescale_q( audio_in_stream->cur_dts, AV_TIME_BASE_Q, audio_out_stream->time_base); - } else { - opkt.dts = audio_next_dts + av_rescale_q( audio_in_stream->cur_dts - audio_last_dts, AV_TIME_BASE_Q, audio_out_stream->time_base); - } -#endif if ( !audio_first_dts ) { opkt.dts = 0; audio_first_dts = ipkt->dts; @@ -1251,15 +1243,17 @@ int VideoStore::resample_audio() { } out_frame->nb_samples = frame_size; // resampling changes the duration because the timebase is 1/samples + // I think we should be dealing in codec timebases not stream if ( in_frame->pts != AV_NOPTS_VALUE ) { out_frame->pkt_duration = av_rescale_q( in_frame->pkt_duration, - audio_in_stream->time_base, - audio_out_stream->time_base); + audio_in_ctx->time_base, + audio_out_ctx->time_base); out_frame->pts = av_rescale_q( in_frame->pts, - audio_in_stream->time_base, - audio_out_stream->time_base); + audio_in_ctx->time_base, + audio_out_ctx->time_base); + zm_dump_frame(out_frame, "Out frame after timestamp conversion"); } #else #if defined(HAVE_LIBAVRESAMPLE) From 3c1cd1e7501caa40fbaf6949c710a9c0c70c2c63 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 16:03:54 -0400 Subject: [PATCH 269/360] rename var from nevents to nFrames because that's what they are. Fix an error when page=0 --- web/skins/classic/views/frames.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 9a877ae3b..ea8b181a1 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -28,7 +28,6 @@ require_once('includes/Frame.php'); $countSql = 'SELECT COUNT(*) AS FrameCount FROM Frames AS F WHERE 1 '; $frameSql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames AS F WHERE 1 '; -$eid = $_REQUEST['eid']; // override the sort_field handling in parseSort for frames if ( empty($_REQUEST['sort_field']) ) @@ -59,6 +58,7 @@ if ( $_REQUEST['filter']['sql'] ) { $frameSql .= " ORDER BY $sortColumn $sortOrder,Id $sortOrder"; +$eid = validInt($_REQUEST['eid']); $Event = new ZM\Event($eid); $Monitor = $Event->Monitor(); @@ -75,22 +75,22 @@ if ( isset( $_REQUEST['scale'] ) ) { $page = isset($_REQUEST['page']) ? validInt($_REQUEST['page']) : 1; $limit = isset($_REQUEST['limit']) ? validInt($_REQUEST['limit']) : 0; -$nEvents = dbFetchOne($countSql, 'FrameCount' ); +$nFrames = dbFetchOne($countSql, 'FrameCount' ); -if ( !empty($limit) && $nEvents > $limit ) { - $nEvents = $limit; +if ( !empty($limit) && ($nFrames > $limit) ) { + $nFrames = $limit; } -$pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE); +$pages = (int)ceil($nFrames/ZM_WEB_EVENTS_PER_PAGE); if ( !empty($page) ) { - if ( $page < 0 ) + if ( $page <= 0 ) $page = 1; else if ( $pages and ( $page > $pages ) ) $page = $pages; $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE); - if ( empty( $limit ) ) { + if ( empty($limit) ) { $limitAmount = ZM_WEB_EVENTS_PER_PAGE; } else { $limitLeft = $limit - $limitStart; @@ -104,7 +104,7 @@ if ( !empty($page) ) { $maxShortcuts = 5; $pagination = getPagination($pages, $page, $maxShortcuts, $sortQuery.'&eid='.$eid.$limitQuery.$filterQuery); -$frames = dbFetchAll( $frameSql ); +$frames = dbFetchAll($frameSql); $focusWindow = true; From 4b41655dc5cf96475c85a7773a0ed26c50ae6fce Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 16:10:53 -0400 Subject: [PATCH 270/360] fix --- web/skins/classic/views/frames.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index ea8b181a1..80d99fe3c 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -24,6 +24,9 @@ if ( !canView('Events') ) { } require_once('includes/Frame.php'); +$eid = validInt($_REQUEST['eid']); +$Event = new ZM\Event($eid); +$Monitor = $Event->Monitor(); $countSql = 'SELECT COUNT(*) AS FrameCount FROM Frames AS F WHERE 1 '; $frameSql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames AS F WHERE 1 '; @@ -58,9 +61,6 @@ if ( $_REQUEST['filter']['sql'] ) { $frameSql .= " ORDER BY $sortColumn $sortOrder,Id $sortOrder"; -$eid = validInt($_REQUEST['eid']); -$Event = new ZM\Event($eid); -$Monitor = $Event->Monitor(); if ( isset( $_REQUEST['scale'] ) ) { $scale = validNum($_REQUEST['scale']); From b84e3499f4598e86c80b213543db71802266c548 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 17:25:49 -0400 Subject: [PATCH 271/360] Implement code to auto-load monitor status info if not already loaded. Check for Connected instead of Capturing in watch to display warning message --- web/includes/Monitor.php | 25 ++++++++++++++++++------- web/skins/classic/views/watch.php | 2 +- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/web/includes/Monitor.php b/web/includes/Monitor.php index 75c432c09..c46048716 100644 --- a/web/includes/Monitor.php +++ b/web/includes/Monitor.php @@ -105,6 +105,7 @@ private $defaults = array( 'DefaultCodec' => 'auto', ); private $status_fields = array( + 'Status' => null, 'AnalysisFPS' => null, 'CaptureFPS' => null, 'CaptureBandwidth' => null, @@ -271,17 +272,27 @@ private $control_fields = array( return $this->{$fn}; #array_unshift($args, $this); #call_user_func_array( $this->{$fn}, $args); - } else { - if ( array_key_exists($fn, $this->control_fields) ) { + } else if ( array_key_exists($fn, $this->control_fields) ) { return $this->control_fields{$fn}; - } else if ( array_key_exists( $fn, $this->defaults ) ) { + } else if ( array_key_exists( $fn, $this->defaults ) ) { return $this->defaults{$fn}; + } else if ( array_key_exists( $fn, $this->status_fields) ) { + $sql = 'SELECT Status,CaptureFPS,AnalysisFPS,CaptureBandwidth + FROM Monitor_Status WHERE MonitorId=?'; + $row = dbFetchOne($sql, NULL, array($this->{'Id'})); + if ( !$row ) { + Error("Unable to load Monitor record for Id=" . $this->{'Id'}); } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Warning( "Unknown function call Monitor->$fn from $file:$line" ); + foreach ($row as $k => $v) { + $this->{$k} = $v; + } } + return $this->{$fn}; + } else { + $backTrace = debug_backtrace(); + $file = $backTrace[1]['file']; + $line = $backTrace[1]['line']; + Warning( "Unknown function call Monitor->$fn from $file:$line" ); } } diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 0038f3016..4d2fa93d5 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -78,7 +78,7 @@ if ( canView('Control') && $monitor->Type() == 'Local' ) {
Status() != 'Capturing' ) { +if ( $monitor->Status() != 'Connected' ) { echo '
Monitor is not capturing. We will be unable to provide an image
'; } ?> From da5e8d19b8f5eb4f5c7241030b869a38bdf29267 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 7 Jul 2019 17:54:45 -0400 Subject: [PATCH 272/360] Fix #2656 --- web/skins/classic/views/report_event_audit.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/web/skins/classic/views/report_event_audit.php b/web/skins/classic/views/report_event_audit.php index c7517728e..b378dc43d 100644 --- a/web/skins/classic/views/report_event_audit.php +++ b/web/skins/classic/views/report_event_audit.php @@ -192,9 +192,8 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) { ) ) ); + parseFilter($ZeroSize_filter); } - - ?>
- '.count($FileMissing).'' : '0' ?> + '.count($ZeroSize).'' : '0' ?>
- diff --git a/web/skins/classic/views/js/download.js b/web/skins/classic/views/js/download.js index 6dafdd23f..55a256795 100644 --- a/web/skins/classic/views/js/download.js +++ b/web/skins/classic/views/js/download.js @@ -11,6 +11,7 @@ function configureExportButton( element ) { } function startDownload( exportFile ) { + console.log("Starting download from " + exportFile); window.location.replace( exportFile ); } @@ -26,12 +27,21 @@ function exportProgress() { } function exportResponse( respObj, respText ) { - window.location.replace( thisUrl+'?view='+currentView+'&'+eidParm+'&exportFormat='+respObj.exportFormat+'&generated='+((respObj.result=='Ok')?1:0) ); + console.log(respObj); + window.location.replace( + thisUrl+'?view='+currentView+'&'+eidParm + +'&exportFormat='+respObj.exportFormat + +'&exportFile='+respObj.exportFile + +'&generated='+((respObj.result=='Ok')?1:0) + +'&connkey='+connkey + ); } -function exportEvent( form ) { +function exportEvent( element ) { + var form = element.form; var parms = 'view=request&request=event&action=download'; parms += '&'+$(form).toQueryString(); + console.log(parms); var query = new Request.JSON( {url: thisUrl, method: 'post', data: parms, onSuccess: exportResponse} ); query.send(); $('exportProgress').removeClass( 'hidden' ); @@ -46,7 +56,7 @@ function initPage() { startDownload.pass( exportFile ).delay( 1500 ); } document.getElementById('exportButton').addEventListener("click", function onClick(evt) { - exportEvent(this.form); + exportEvent(this); }); } diff --git a/web/skins/classic/views/js/download.js.php b/web/skins/classic/views/js/download.js.php index 3501fc711..0d0c05679 100644 --- a/web/skins/classic/views/js/download.js.php +++ b/web/skins/classic/views/js/download.js.php @@ -14,6 +14,7 @@ var eidParm = 'eid='; ?> var exportReady = ; -var exportFile = '?view=archive&type='; +var exportFile = '?view=archive&type=&connkey='; +var connkey = ''; var exportProgressString = ''; diff --git a/web/skins/classic/views/js/events.js b/web/skins/classic/views/js/events.js index 3ef9eae5f..ca7f7c7ec 100644 --- a/web/skins/classic/views/js/events.js +++ b/web/skins/classic/views/js/events.js @@ -100,8 +100,9 @@ function downloadVideo( element ) { function exportEvents( element ) { var form = element.form; - form.attr('action', '?view=export'); - form[0].elements['view'].value='export'; + console.log(form); + form.action = '?view=export'; + form.elements['view'].value='export'; form.submit(); } From 0643108ba47f696ca0d71f35dda83d2a929b2ea3 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 10:53:48 -0400 Subject: [PATCH 319/360] Use fputs instead of fprintf. Spacing and google code style changes --- src/zm_eventstream.cpp | 123 ++++++++++++---------- src/zms.cpp | 230 ++++++++++++++++++++--------------------- 2 files changed, 183 insertions(+), 170 deletions(-) diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index 5439b42e8..f3a5e35bc 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -41,10 +41,12 @@ #include "zm_sendfile.h" -bool EventStream::loadInitialEventData( int monitor_id, time_t event_time ) { +bool EventStream::loadInitialEventData(int monitor_id, time_t event_time) { static char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE MonitorId = %d AND unix_timestamp(EndTime) > %ld ORDER BY Id ASC LIMIT 1", monitor_id, event_time); + snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE " + "MonitorId = %d AND unix_timestamp(EndTime) > %ld " + "ORDER BY Id ASC LIMIT 1", monitor_id, event_time); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -91,7 +93,7 @@ bool EventStream::loadInitialEventData( int monitor_id, time_t event_time ) { return true; } // bool EventStream::loadInitialEventData( int monitor_id, time_t event_time ) -bool EventStream::loadInitialEventData( uint64_t init_event_id, unsigned int init_frame_id ) { +bool EventStream::loadInitialEventData(uint64_t init_event_id, unsigned int init_frame_id) { loadEventData(init_event_id); if ( init_frame_id ) { @@ -158,7 +160,7 @@ bool EventStream::loadEventData(uint64_t event_id) { event_data->scheme = Storage::SHALLOW; } event_data->SaveJPEGs = dbrow[7] == NULL ? 0 : atoi(dbrow[7]); - mysql_free_result( result ); + mysql_free_result(result); Storage * storage = new Storage(event_data->storage_id); const char *storage_path = storage->Path(); @@ -205,9 +207,11 @@ bool EventStream::loadEventData(uint64_t event_id) { delete storage; storage = NULL; updateFrameRate((double)event_data->frame_count/event_data->duration); - Debug(3,"fps set by frame_count(%d)/duration(%f)", event_data->frame_count, event_data->duration); + Debug(3, "fps set by frame_count(%d)/duration(%f)", + event_data->frame_count, event_data->duration); - snprintf(sql, sizeof(sql), "SELECT FrameId, unix_timestamp(`TimeStamp`), Delta FROM Frames WHERE EventId = %" PRIu64 " ORDER BY FrameId ASC", event_id); + snprintf(sql, sizeof(sql), "SELECT FrameId, unix_timestamp(`TimeStamp`), Delta " + "FROM Frames WHERE EventId = %" PRIu64 " ORDER BY FrameId ASC", event_id); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); exit(mysql_errno(&dbconn)); @@ -226,7 +230,7 @@ bool EventStream::loadEventData(uint64_t event_id) { double last_timestamp = event_data->start_time; double last_delta = 0.0; - while ( ( dbrow = mysql_fetch_row( result ) ) ) { + while ( ( dbrow = mysql_fetch_row(result) ) ) { int id = atoi(dbrow[0]); //timestamp = atof(dbrow[1]); double delta = atof(dbrow[2]); @@ -256,7 +260,7 @@ bool EventStream::loadEventData(uint64_t event_id) { last_id = id; last_delta = delta; last_timestamp = event_data->frames[id-1].timestamp; - Debug(4,"Frame %d timestamp:(%f), offset(%f) delta(%f), in_db(%d)", + Debug(4, "Frame %d timestamp:(%f), offset(%f) delta(%f), in_db(%d)", id, event_data->frames[id-1].timestamp, event_data->frames[id-1].offset, @@ -264,24 +268,21 @@ bool EventStream::loadEventData(uint64_t event_id) { event_data->frames[id-1].in_db ); } - if ( mysql_errno( &dbconn ) ) { + if ( mysql_errno(&dbconn) ) { Error("Can't fetch row: %s", mysql_error(&dbconn)); exit(mysql_errno(&dbconn)); } mysql_free_result(result); - //for ( int i = 0; i < 250; i++ ) - //{ - //Info( "%d -> %d @ %f (%d)", i+1, event_data->frames[i].timestamp, event_data->frames[i].delta, event_data->frames[i].in_db ); - //} if ( event_data->video_file[0] ) { - char filepath[PATH_MAX]; - snprintf(filepath, sizeof(filepath), "%s/%s", event_data->path, event_data->video_file); - Debug(1, "Loading video file from %s", filepath); + std::string filepath = std::string(event_data->path) + "/" + std::string(event_data->video_file); + //char filepath[PATH_MAX]; + //snprintf(filepath, sizeof(filepath), "%s/%s", event_data->path, event_data->video_file); + Debug(1, "Loading video file from %s", filepath.c_str()); ffmpeg_input = new FFmpeg_Input(); - if ( 0 > ffmpeg_input->Open(filepath) ) { - Warning("Unable to open ffmpeg_input %s/%s", event_data->path, event_data->video_file); + if ( 0 > ffmpeg_input->Open(filepath.c_str()) ) { + Warning("Unable to open ffmpeg_input %s", filepath.c_str()); delete ffmpeg_input; ffmpeg_input = NULL; } @@ -318,11 +319,17 @@ void EventStream::processCommand(const CmdMsg *msg) { } // If we are in single event mode and at the last frame, replay the current event - if ( (mode == MODE_SINGLE || mode == MODE_NONE) && ((unsigned int)curr_frame_id == event_data->frame_count) ) { + if ( + (mode == MODE_SINGLE || mode == MODE_NONE) + && + ((unsigned int)curr_frame_id == event_data->frame_count) + ) { Debug(1, "Was in single or no replay mode, and at last frame, so jumping to 1st frame"); curr_frame_id = 1; } else { - Debug(1, "mode is %s, current frame is %d, frame count is %d", (mode == MODE_SINGLE ? "single" : "not single" ), curr_frame_id, event_data->frame_count ); + Debug(1, "mode is %s, current frame is %d, frame count is %d", + (mode == MODE_SINGLE ? "single" : "not single"), + curr_frame_id, event_data->frame_count ); } replay_rate = ZM_RATE_BASE; @@ -515,7 +522,7 @@ void EventStream::processCommand(const CmdMsg *msg) { DataMsg status_msg; status_msg.msg_type = MSG_DATA_EVENT; memcpy(&status_msg.msg_data, &status_data, sizeof(status_data)); - Debug(1,"Size of msg %d", sizeof(status_data)); + Debug(1, "Size of msg %d", sizeof(status_data)); if ( sendto(sd, &status_msg, sizeof(status_msg), MSG_DONTWAIT, (sockaddr *)&rem_addr, sizeof(rem_addr)) < 0 ) { //if ( errno != EAGAIN ) { @@ -524,7 +531,7 @@ void EventStream::processCommand(const CmdMsg *msg) { } } // quit after sending a status, if this was a quit request - if ( (MsgCommand)msg->msg_data[0]==CMD_QUIT ) + if ( (MsgCommand)msg->msg_data[0] == CMD_QUIT ) exit(0); updateFrameRate((double)event_data->frame_count/event_data->duration); @@ -534,17 +541,22 @@ void EventStream::checkEventLoaded() { static char sql[ZM_SQL_SML_BUFSIZ]; if ( curr_frame_id <= 0 ) { - snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE MonitorId = %ld AND Id < %" PRIu64 " ORDER BY Id DESC LIMIT 1", event_data->monitor_id, event_data->event_id); + snprintf(sql, sizeof(sql), + "SELECT Id FROM Events WHERE MonitorId = %ld AND Id < %" PRIu64 " ORDER BY Id DESC LIMIT 1", + event_data->monitor_id, event_data->event_id); } else if ( (unsigned int)curr_frame_id > event_data->frame_count ) { - snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE MonitorId = %ld AND Id > %" PRIu64 " ORDER BY Id ASC LIMIT 1", event_data->monitor_id, event_data->event_id); + snprintf(sql, sizeof(sql), + "SELECT Id FROM Events WHERE MonitorId = %ld AND Id > %" PRIu64 " ORDER BY Id ASC LIMIT 1", + event_data->monitor_id, event_data->event_id); } else { // No event change required - //Debug(3, "No event change required"); + Debug(3, "No event change required, as curr frame %d <=> event frames %d", + curr_frame_id, event_data->frame_count); return; } // Event change required. - if ( forceEventChange || ( mode != MODE_SINGLE && mode != MODE_NONE ) ) { + if ( forceEventChange || ( (mode != MODE_SINGLE) && (mode != MODE_NONE) ) ) { if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); exit(mysql_errno(&dbconn)); @@ -569,12 +581,13 @@ void EventStream::checkEventLoaded() { loadEventData(event_id); Debug(2, "Current frame id = %d", curr_frame_id); - if ( replay_rate < 0 ) //rewind + if ( replay_rate < 0 ) // rewind curr_frame_id = event_data->frame_count; else curr_frame_id = 1; Debug(2, "New frame id = %d", curr_frame_id); } else { + Debug(2, "No next event loaded using %s. Pausing", sql); if ( curr_frame_id <= 0 ) curr_frame_id = 1; else @@ -584,6 +597,7 @@ void EventStream::checkEventLoaded() { mysql_free_result(result); forceEventChange = false; } else { + Debug(2, "Pausing because mode is %d", mode); if ( curr_frame_id <= 0 ) curr_frame_id = 1; else @@ -608,16 +622,16 @@ bool EventStream::sendFrame(int delta_us) { static struct stat filestat; FILE *fdj = NULL; - // This needs to be abstracted. If we are saving jpgs, then load the capture file. If we are only saving analysis frames, then send that. - // // This is also wrong, need to have this info stored in the event! FIXME + // This needs to be abstracted. If we are saving jpgs, then load the capture file. + // If we are only saving analysis frames, then send that. if ( event_data->SaveJPEGs & 1 ) { snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id); } else if ( event_data->SaveJPEGs & 2 ) { snprintf(filepath, sizeof(filepath), staticConfig.analyse_file_format, event_data->path, curr_frame_id); - if ( stat(filepath, &filestat ) < 0 ) { + if ( stat(filepath, &filestat) < 0 ) { Debug(1, "analyze file %s not found will try to stream from other", filepath); snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id); - if ( stat(filepath, &filestat ) < 0 ) { + if ( stat(filepath, &filestat) < 0 ) { Debug(1, "capture file %s not found either", filepath); filepath[0] = 0; } @@ -744,7 +758,7 @@ Debug(1, "Loading image"); img_buffer_size = fread( img_buffer, 1, sizeof(temp_img_buffer), fdj ); if ( fwrite(img_buffer, img_buffer_size, 1, stdout) != 1 ) { fclose(fdj); /* Close the file handle */ - Error("Unable to send raw frame %u: %s",curr_frame_id,strerror(errno)); + Error("Unable to send raw frame %u: %s", curr_frame_id, strerror(errno)); return false; } } @@ -752,7 +766,7 @@ Debug(1, "Loading image"); fprintf(stdout, "Content-Length: %d\r\n\r\n", img_buffer_size); if ( fwrite(img_buffer, img_buffer_size, 1, stdout) != 1 ) { fclose(fdj); /* Close the file handle */ - Error("Unable to send raw frame %u: %s",curr_frame_id,strerror(errno)); + Error("Unable to send raw frame %u: %s", curr_frame_id, strerror(errno)); return false; } #endif @@ -764,18 +778,17 @@ Debug(1, "Loading image"); Error("Unable to send stream frame: %s", strerror(errno)); return false; } - } // end if send_raw or not + } // end if send_raw or not fputs("\r\n\r\n", stdout); fflush(stdout); - } // end if stream MPEG or other + } // end if stream MPEG or other last_frame_sent = TV_2_FLOAT(now); return true; -} // bool EventStream::sendFrame( int delta_us ) +} // bool EventStream::sendFrame( int delta_us ) void EventStream::runStream() { openComms(); - Debug(3, "Comms open"); checkInitialised(); @@ -804,7 +817,7 @@ void EventStream::runStream() { // The idea is to loop here processing all commands before proceeding. Debug(1, "Have command queue"); } - Debug(1, "Done command queue"); + Debug(2, "Done command queue"); // Update modified time of the socket .lock file so that we can tell which ones are stale. if ( now.tv_sec - last_comm_update.tv_sec > 3600 ) { @@ -812,10 +825,11 @@ void EventStream::runStream() { last_comm_update = now; } } else { - Debug(1, "Not checking command queue"); + Debug(2, "Not checking command queue"); } - if ( step != 0 ) + //if ( step != 0 )// Adding 0 is cheaper than an if 0 + // curr_frame_id starts at 1 though, so we might skip the first frame? curr_frame_id += step; // Detects when we hit end of event and will load the next event or previous event @@ -828,7 +842,7 @@ void EventStream::runStream() { //Info( "cfid:%d", curr_frame_id ); //Info( "fdt:%d", frame_data->timestamp ); if ( !paused ) { - Debug(3,"Not paused"); + Debug(3, "Not paused at frame %d", curr_frame_id); bool in_event = true; double time_to_event = 0; if ( replay_rate > 0 ) { @@ -851,7 +865,8 @@ void EventStream::runStream() { } //else //{ - Debug(2,"Sleeping because paused"); + // FIXME ICON But we are not paused. We are somehow still in the event? + Debug(2, "Sleeping because paused"); usleep(STREAM_PAUSE_WAIT); //curr_stream_time += (replay_rate>0?1:-1) * ((1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000)); curr_stream_time += (1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000); @@ -860,23 +875,23 @@ void EventStream::runStream() { } // end if !in_event // Figure out if we should send this frame -Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); + Debug(3, "cur_frame_id (%d-1) mod frame_mod(%d)", curr_frame_id, frame_mod); // If we are streaming and this frame is due to be sent // frame mod defaults to 1 and if we are going faster than max_fps will get multiplied by 2 // so if it is 2, then we send every other frame, if is it 4 then every fourth frame, etc. if ( (frame_mod == 1) || (((curr_frame_id-1)%frame_mod) == 0) ) { delta_us = (unsigned int)(frame_data->delta * 1000000); - Debug(3,"frame delta %uus ", delta_us); + Debug(3, "frame delta %uus ", delta_us); // if effective > base we should speed up frame delivery delta_us = (unsigned int)((delta_us * base_fps)/effective_fps); - Debug(3,"delta %u = base_fps(%f)/effective fps(%f)", delta_us, base_fps, effective_fps); + Debug(3, "delta %u = base_fps(%f)/effective fps(%f)", delta_us, base_fps, effective_fps); // but must not exceed maxfps delta_us = max(delta_us, 1000000 / maxfps); - Debug(3,"delta %u = base_fps(%f)/effective fps(%f) from 30fps", delta_us, base_fps, effective_fps); + Debug(3, "delta %u = base_fps(%f)/effective fps(%f) from 30fps", delta_us, base_fps, effective_fps); send_frame = true; } } else if ( step != 0 ) { - Debug(2,"Paused with step"); + Debug(2, "Paused with step"); // We are paused and are just stepping forward or backward one frame step = 0; send_frame = true; @@ -896,8 +911,6 @@ Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); //Debug(3,"sending frame"); if ( !sendFrame(delta_us) ) zm_terminate = true; - //} else { - //Debug(3,"Not sending frame"); } curr_stream_time = frame_data->timestamp; @@ -909,7 +922,8 @@ Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); gettimeofday(&now, NULL); uint64_t now_usec = (now.tv_sec * 1000000 + now.tv_usec); - if ( (mode == MODE_SINGLE) && ((unsigned int)curr_frame_id == event_data->frame_count) ) { + // we incremented by replay_rate, so might have jumped past frame_count + if ( (mode == MODE_SINGLE) && ((unsigned int)curr_frame_id >= event_data->frame_count) ) { Debug(2, "Have mode==MODE_SINGLE and at end of event, looping back to start"); curr_frame_id = 1; // Have to reset start_usec to now when replaying @@ -935,19 +949,20 @@ Debug(3,"cur_frame_id (%d-1) mod frame_mod(%d)",curr_frame_id, frame_mod); } else { delta_us = ((1000000 * ZM_RATE_BASE)/((base_fps?base_fps:1)*(replay_rate?abs(replay_rate*2):2))); - Debug(2,"Sleeping %d because 1000000 * ZM_RATE_BASE(%d) / ( base_fps (%f), replay_rate(%d)", + Debug(2, "Sleeping %d because 1000000 * ZM_RATE_BASE(%d) / ( base_fps (%f), replay_rate(%d)", (unsigned long)((1000000 * ZM_RATE_BASE)/((base_fps?base_fps:1)*abs(replay_rate*2))), ZM_RATE_BASE, (base_fps?base_fps:1), (replay_rate?abs(replay_rate*2):200) ); if ( delta_us > 0 and delta_us < 100000 ) { - usleep((unsigned long)((1000000 * ZM_RATE_BASE)/((base_fps?base_fps:1)*abs(replay_rate*2)))); + usleep(delta_us); } else { - //Error("Not sleeping!"); + // Never want to sleep for too long, limit to .1s + Warning("sleeping .1s because delta_us (%d) not good!", delta_us); usleep(100000); } - } + } // end if !paused } // end while ! zm_terminate #if HAVE_LIBAVCODEC if ( type == STREAM_MPEG ) diff --git a/src/zms.cpp b/src/zms.cpp index c78dba1d2..9022fa00c 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -1,25 +1,26 @@ // // ZoneMinder Streaming Server, $Date$, $Revision$ // Copyright (C) 2001-2008 Philip Coombes -// +// // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. -// +// // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -// +// // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// +// #include #include #include +#include #include "zm.h" #include "zm_db.h" @@ -30,29 +31,29 @@ #include "zm_eventstream.h" #include "zm_fifo.h" -bool ValidateAccess( User *user, int mon_id ) { +bool ValidateAccess(User *user, int mon_id) { bool allowed = true; if ( mon_id > 0 ) { if ( user->getStream() < User::PERM_VIEW ) allowed = false; - if ( !user->canAccess( mon_id ) ) + if ( !user->canAccess(mon_id) ) allowed = false; } else { if ( user->getEvents() < User::PERM_VIEW ) allowed = false; } if ( !allowed ) { - Error("Error, insufficient privileges for requested action user %d %s for monitor %d", + Error("Insufficient privileges for request user %d %s for monitor %d", user->Id(), user->getUsername(), mon_id); } return allowed; } -int main( int argc, const char *argv[] ) { +int main(int argc, const char *argv[]) { self = argv[0]; - srand( getpid() * time( 0 ) ); + srand(getpid() * time(0)); enum { ZMS_UNKNOWN, ZMS_MONITOR, ZMS_EVENT, ZMS_FIFO } source = ZMS_UNKNOWN; enum { ZMS_JPEG, ZMS_MPEG, ZMS_RAW, ZMS_ZIP, ZMS_SINGLE } mode = ZMS_JPEG; @@ -70,40 +71,39 @@ int main( int argc, const char *argv[] ) { std::string username; std::string password; char auth[64] = ""; - std::string jwt_token_str = ""; + std::string jwt_token_str = ""; unsigned int connkey = 0; unsigned int playback_buffer = 0; bool nph = false; const char *basename = strrchr(argv[0], '/'); - if ( basename ) //if we found a / lets skip past it + if ( basename ) // if we found a / lets skip past it basename++; - else //argv[0] will not always contain the full path, but rather just the script name + else // argv[0] might not contain the full path, but just the script name basename = argv[0]; const char *nph_prefix = "nph-"; if ( basename && !strncmp(basename, nph_prefix, strlen(nph_prefix)) ) { nph = true; } - + zmLoadConfig(); char log_id_string[32] = "zms"; - logInit( log_id_string ); - Debug(1,"rate %d", rate); + logInit(log_id_string); const char *query = getenv("QUERY_STRING"); if ( query ) { Debug(1, "Query: %s", query); - + char temp_query[1024]; strncpy(temp_query, query, sizeof(temp_query)); char *q_ptr = temp_query; - char *parms[16]; // Shouldn't be more than this + char *parms[16]; // Shouldn't be more than this int parm_no = 0; while ( (parm_no < 16) && (parms[parm_no] = strtok(q_ptr, "&")) ) { parm_no++; q_ptr = NULL; } - + for ( int p = 0; p < parm_no; p++ ) { char *name = strtok(parms[p], "="); char *value = strtok(NULL, "="); @@ -111,39 +111,38 @@ int main( int argc, const char *argv[] ) { value = (char *)""; if ( !strcmp(name, "source") ) { source = !strcmp(value, "event")?ZMS_EVENT:ZMS_MONITOR; - if (! strcmp( value,"fifo") ) + if ( !strcmp(value, "fifo") ) source = ZMS_FIFO; } else if ( !strcmp(name, "mode") ) { mode = !strcmp(value, "jpeg")?ZMS_JPEG:ZMS_MPEG; mode = !strcmp(value, "raw")?ZMS_RAW:mode; mode = !strcmp(value, "zip")?ZMS_ZIP:mode; mode = !strcmp(value, "single")?ZMS_SINGLE:mode; - } else if ( !strcmp( name, "format" ) ) { + } else if ( !strcmp(name, "format") ) { strncpy( format, value, sizeof(format) ); - } else if ( !strcmp( name, "monitor" ) ) { - monitor_id = atoi( value ); + } else if ( !strcmp(name, "monitor") ) { + monitor_id = atoi(value); if ( source == ZMS_UNKNOWN ) source = ZMS_MONITOR; - } else if ( !strcmp( name, "time" ) ) { - event_time = atoi( value ); - } else if ( !strcmp( name, "event" ) ) { - event_id = strtoull( value, (char **)NULL, 10 ); + } else if ( !strcmp(name, "time") ) { + event_time = atoi(value); + } else if ( !strcmp(name, "event") ) { + event_id = strtoull(value, (char **)NULL, 10); source = ZMS_EVENT; - } else if ( !strcmp( name, "frame" ) ) { - frame_id = strtoull( value, (char **)NULL, 10 ); + } else if ( !strcmp(name, "frame") ) { + frame_id = strtoull(value, (char **)NULL, 10); source = ZMS_EVENT; - } else if ( !strcmp( name, "scale" ) ) { - scale = atoi( value ); - } else if ( !strcmp( name, "rate" ) ) { - rate = atoi( value ); - Debug(2,"Setting rate to %d from %s", rate, value); - } else if ( !strcmp( name, "maxfps" ) ) { - maxfps = atof( value ); - } else if ( !strcmp( name, "bitrate" ) ) { - bitrate = atoi( value ); - } else if ( !strcmp( name, "ttl" ) ) { + } else if ( !strcmp(name, "scale") ) { + scale = atoi(value); + } else if ( !strcmp(name, "rate") ) { + rate = atoi(value); + } else if ( !strcmp(name, "maxfps") ) { + maxfps = atof(value); + } else if ( !strcmp(name, "bitrate") ) { + bitrate = atoi(value); + } else if ( !strcmp(name, "ttl") ) { ttl = atoi(value); - } else if ( !strcmp( name, "replay" ) ) { + } else if ( !strcmp(name, "replay") ) { if ( !strcmp(value, "gapless") ) { replay = EventStream::MODE_ALL_GAPLESS; } else if ( !strcmp(value, "all") ) { @@ -155,27 +154,27 @@ int main( int argc, const char *argv[] ) { } else { Error("Unsupported value %s for replay, defaulting to none", value); } - } else if ( !strcmp( name, "connkey" ) ) { + } else if ( !strcmp(name, "connkey") ) { connkey = atoi(value); - } else if ( !strcmp( name, "buffer" ) ) { + } else if ( !strcmp(name, "buffer") ) { playback_buffer = atoi(value); - } else if ( !strcmp( name, "auth" ) ) { + } else if ( !strcmp(name, "auth") ) { strncpy( auth, value, sizeof(auth)-1 ); - } else if ( !strcmp( name, "token" ) ) { + } else if ( !strcmp(name, "token") ) { jwt_token_str = value; Debug(1, "ZMS: JWT token found: %s", jwt_token_str.c_str()); - } else if ( !strcmp( name, "user" ) ) { - username = UriDecode( value ); - } else if ( !strcmp( name, "pass" ) ) { + } else if ( !strcmp(name, "user") ) { + username = UriDecode(value); + } else if ( !strcmp(name, "pass") ) { password = UriDecode(value); Debug(1, "Have %s for password", password.c_str()); } else { Debug(1, "Unknown parameter passed to zms %s=%s", name, value); - } // end if possible parameter names - } // end foreach parm + } // end if possible parameter names + } // end foreach parm } else { Fatal("No query string."); - } // end if query + } // end if query if ( monitor_id ) { snprintf(log_id_string, sizeof(log_id_string), "zms_m%d", monitor_id); @@ -188,7 +187,7 @@ int main( int argc, const char *argv[] ) { User *user = 0; if ( jwt_token_str != "" ) { - //user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); + // user = zmLoadTokenUser(jwt_token_str, config.auth_hash_ips); user = zmLoadTokenUser(jwt_token_str, false); } else if ( strcmp(config.auth_relay, "none") == 0 ) { if ( checkUser(username.c_str()) ) { @@ -198,13 +197,13 @@ int main( int argc, const char *argv[] ) { } } else { - //if ( strcmp( config.auth_relay, "hashed" ) == 0 ) + // if ( strcmp( config.auth_relay, "hashed" ) == 0 ) { if ( *auth ) { user = zmLoadAuthUser(auth, config.auth_hash_ips); } } - //else if ( strcmp( config.auth_relay, "plain" ) == 0 ) + // else if ( strcmp( config.auth_relay, "plain" ) == 0 ) { if ( username.length() && password.length() ) { user = zmLoadUser(username.c_str(), password.c_str()); @@ -212,19 +211,19 @@ int main( int argc, const char *argv[] ) { } } if ( !user ) { - fprintf(stdout, "HTTP/1.0 401 Unauthorized\r\n"); + fputs("HTTP/1.0 401 Unauthorized\r\n", stdout); Error("Unable to authenticate user"); logTerm(); zmDbClose(); return -1; } if ( !ValidateAccess(user, monitor_id) ) { - fprintf(stdout, "HTTP/1.0 403 Forbidden\r\n"); + fputs("HTTP/1.0 403 Forbidden\r\n", stdout); logTerm(); zmDbClose(); return -1; } - } // end if config.opt_use_auth + } // end if config.opt_use_auth hwcaps_detect(); zmSetDefaultTermHandler(); @@ -232,79 +231,76 @@ int main( int argc, const char *argv[] ) { setbuf(stdout, 0); if ( nph ) { - fprintf(stdout, "HTTP/1.0 200 OK\r\n"); + fputs("HTTP/1.0 200 OK\r\n", stdout); } - fprintf( stdout, "Server: ZoneMinder Video Server/%s\r\n", ZM_VERSION ); - - time_t now = time( 0 ); - char date_string[64]; - strftime( date_string, sizeof(date_string)-1, "%a, %d %b %Y %H:%M:%S GMT", gmtime( &now ) ); + fprintf(stdout, "Server: ZoneMinder Video Server/%s\r\n", ZM_VERSION); - fprintf( stdout, "Expires: Mon, 26 Jul 1997 05:00:00 GMT\r\n" ); - fprintf( stdout, "Last-Modified: %s\r\n", date_string ); - fprintf( stdout, "Cache-Control: no-store, no-cache, must-revalidate\r\n" ); - fprintf( stdout, "Cache-Control: post-check=0, pre-check=0\r\n" ); - fprintf( stdout, "Pragma: no-cache\r\n"); - // Removed as causing more problems than it fixed. - //if ( !nph ) - //{ - //fprintf( stdout, "Content-Length: 0\r\n"); - //} + time_t now = time(0); + char date_string[64]; + strftime(date_string, sizeof(date_string)-1, "%a, %d %b %Y %H:%M:%S GMT", gmtime(&now)); + + fprintf(stdout, "Last-Modified: %s\r\n", date_string); + fputs( + "Expires: Mon, 26 Jul 1997 05:00:00 GMT\r\n" + "Cache-Control: no-store, no-cache, must-revalidate\r\n" + "Cache-Control: post-check=0, pre-check=0\r\n" + "Pragma: no-cache\r\n", + stdout); if ( source == ZMS_MONITOR ) { MonitorStream stream; - stream.setStreamScale( scale ); - stream.setStreamReplayRate( rate ); - stream.setStreamMaxFPS( maxfps ); - stream.setStreamTTL( ttl ); - stream.setStreamQueue( connkey ); - stream.setStreamBuffer( playback_buffer ); - if ( ! stream.setStreamStart( monitor_id ) ) { - Error( "Unable to connect to zmc process for monitor %d", monitor_id ); - fprintf( stderr, "Unable to connect to zmc process. Please ensure that it is running." ); + stream.setStreamScale(scale); + stream.setStreamReplayRate(rate); + stream.setStreamMaxFPS(maxfps); + stream.setStreamTTL(ttl); + stream.setStreamQueue(connkey); + stream.setStreamBuffer(playback_buffer); + if ( !stream.setStreamStart(monitor_id) ) { + Error("Unable to connect to zmc process for monitor %d", monitor_id); + fprintf(stderr, "Unable to connect to zmc process. " + " Please ensure that it is running."); logTerm(); zmDbClose(); - return( -1 ); - } + return -1; + } if ( mode == ZMS_JPEG ) { - stream.setStreamType( MonitorStream::STREAM_JPEG ); + stream.setStreamType(MonitorStream::STREAM_JPEG); } else if ( mode == ZMS_RAW ) { - stream.setStreamType( MonitorStream::STREAM_RAW ); + stream.setStreamType(MonitorStream::STREAM_RAW); } else if ( mode == ZMS_ZIP ) { - stream.setStreamType( MonitorStream::STREAM_ZIP ); + stream.setStreamType(MonitorStream::STREAM_ZIP); } else if ( mode == ZMS_SINGLE ) { - stream.setStreamType( MonitorStream::STREAM_SINGLE ); + stream.setStreamType(MonitorStream::STREAM_SINGLE); } else { #if HAVE_LIBAVCODEC - stream.setStreamFormat( format ); - stream.setStreamBitrate( bitrate ); - stream.setStreamType( MonitorStream::STREAM_MPEG ); -#else // HAVE_LIBAVCODEC - Error( "MPEG streaming of '%s' attempted while disabled", query ); - fprintf( stderr, "MPEG streaming is disabled.\nYou should configure with the --with-ffmpeg option and rebuild to use this functionality.\n" ); + stream.setStreamFormat(format); + stream.setStreamBitrate(bitrate); + stream.setStreamType(MonitorStream::STREAM_MPEG); +#else // HAVE_LIBAVCODEC + Error("MPEG streaming of '%s' attempted while disabled", query); + fprintf(stderr, "MPEG streaming is disabled.\nYou should configure with the --with-ffmpeg option and rebuild to use this functionality.\n"); logTerm(); zmDbClose(); - return( -1 ); -#endif // HAVE_LIBAVCODEC + return -1; +#endif // HAVE_LIBAVCODEC } stream.runStream(); - } else if (source == ZMS_FIFO ) { + } else if ( source == ZMS_FIFO ) { FifoStream stream; - stream.setStreamMaxFPS( maxfps ); - stream.setStreamStart( monitor_id, format ); + stream.setStreamMaxFPS(maxfps); + stream.setStreamStart(monitor_id, format); stream.runStream(); } else if ( source == ZMS_EVENT ) { - if ( ! event_id ) { - Fatal( "Can't view an event without specifying an event_id." ); + if ( !event_id ) { + Fatal("Can't view an event without specifying an event_id."); } - Debug(3,"Doing event stream scale(%d)", scale ); EventStream stream; - stream.setStreamScale( scale ); - stream.setStreamReplayRate( rate ); - stream.setStreamMaxFPS( maxfps ); - stream.setStreamMode( replay ); - stream.setStreamQueue( connkey ); + stream.setStreamScale(scale); + stream.setStreamReplayRate(rate); + stream.setStreamMaxFPS(maxfps); + stream.setStreamMode(replay); + stream.setStreamQueue(connkey); if ( monitor_id && event_time ) { stream.setStreamStart(monitor_id, event_time); } else { @@ -312,24 +308,26 @@ int main( int argc, const char *argv[] ) { stream.setStreamStart(event_id, frame_id); } if ( mode == ZMS_JPEG ) { - stream.setStreamType( EventStream::STREAM_JPEG ); + stream.setStreamType(EventStream::STREAM_JPEG); } else { #if HAVE_LIBAVCODEC - stream.setStreamFormat( format ); - stream.setStreamBitrate( bitrate ); - stream.setStreamType( EventStream::STREAM_MPEG ); -#else // HAVE_LIBAVCODEC - Error( "MPEG streaming of '%s' attempted while disabled", query ); - fprintf( stderr, "MPEG streaming is disabled.\nYou should ensure the ffmpeg libraries are installed and detected and rebuild to use this functionality.\n" ); + stream.setStreamFormat(format); + stream.setStreamBitrate(bitrate); + stream.setStreamType(EventStream::STREAM_MPEG); +#else // HAVE_LIBAVCODEC + Error("MPEG streaming of '%s' attempted while disabled", query); + fprintf(stderr, "MPEG streaming is disabled.\n" + "You should ensure the ffmpeg libraries are installed and detected" + " and rebuild to use this functionality.\n"); logTerm(); zmDbClose(); - return( -1 ); -#endif // HAVE_LIBAVCODEC - } // end if jpeg or mpeg + return -1; +#endif // HAVE_LIBAVCODEC + } // end if jpeg or mpeg stream.runStream(); } else { Error("Neither a monitor or event was specified."); - } // end if monitor or event + } // end if monitor or event logTerm(); zmDbClose(); From 3da12fd14195879e29da365848b147576555d473 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 12:21:15 -0400 Subject: [PATCH 320/360] Add a bunch of debugging --- src/zm_eventstream.cpp | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index f3a5e35bc..f9791474d 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -593,6 +593,7 @@ void EventStream::checkEventLoaded() { else curr_frame_id = event_data->frame_count; paused = true; + sendTextFrame("No more event data found"); } // end if found a new event or not mysql_free_result(result); forceEventChange = false; @@ -843,6 +844,9 @@ void EventStream::runStream() { //Info( "fdt:%d", frame_data->timestamp ); if ( !paused ) { Debug(3, "Not paused at frame %d", curr_frame_id); + + // This next bit is to determine if we are in the current event time wise + // and whether to show an image saying how long until the next event. bool in_event = true; double time_to_event = 0; if ( replay_rate > 0 ) { @@ -854,22 +858,36 @@ void EventStream::runStream() { if ( time_to_event > 0 ) in_event = false; } + Debug(1, "replay rate(%d) in_event(%d) time_to_event(%f)=curr_stream_time(%f)-frame timestamp:%f", + replay_rate, in_event, time_to_event, curr_stream_time, event_data->frames[event_data->frame_count-1].timestamp); if ( !in_event ) { double actual_delta_time = TV_2_FLOAT(now) - last_frame_sent; + Debug(1, "Ctual delta time = %f = %f - %f", actual_delta_time , TV_2_FLOAT(now) , last_frame_sent); // > 1 second if ( actual_delta_time > 1 ) { + Debug(1, "Sending time to next event frame"); static char frame_text[64]; snprintf(frame_text, sizeof(frame_text), "Time to next event = %d seconds", (int)time_to_event); if ( !sendTextFrame(frame_text) ) zm_terminate = true; + } else { + Debug(1, "Not Sending time to next event frame because actual delta time is %f", actual_delta_time); } //else //{ // FIXME ICON But we are not paused. We are somehow still in the event? - Debug(2, "Sleeping because paused"); + double sleep_time = (replay_rate>0?1:-1) * ((1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000)); + //double sleep_time = (replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000); + //// ZM_RATE_BASE == 100, and 1x replay_rate is 100 + //double sleep_time = ((replay_rate/ZM_RATE_BASE) * STREAM_PAUSE_WAIT)/1000000; + if ( ! sleep_time ) { + sleep_time += STREAM_PAUSE_WAIT/1000000; + } + curr_stream_time += sleep_time; + Debug(2, "Sleeping (%dus) because we are not at the next event yet, adding %f", STREAM_PAUSE_WAIT, sleep_time); usleep(STREAM_PAUSE_WAIT); - //curr_stream_time += (replay_rate>0?1:-1) * ((1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000)); - curr_stream_time += (1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000); + + //curr_stream_time += (1.0L * replay_rate * STREAM_PAUSE_WAIT)/(ZM_RATE_BASE * 1000000); //} continue; } // end if !in_event From 09934ed7f5c13c0bf4acc5d3a14b7995649df64d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 12:21:25 -0400 Subject: [PATCH 321/360] Fix sendTextFrame --- src/zm_stream.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/zm_stream.cpp b/src/zm_stream.cpp index 797946046..732b1b810 100644 --- a/src/zm_stream.cpp +++ b/src/zm_stream.cpp @@ -236,8 +236,9 @@ Image *StreamBase::prepareImage( Image *image ) { return image; } -bool StreamBase::sendTextFrame( const char *frame_text ) { - Debug(2, "Sending text frame '%s'", frame_text); +bool StreamBase::sendTextFrame(const char *frame_text) { + Debug(2, "Sending %dx%d * %d text frame '%s'", + monitor->Width(), monitor->Height(), scale, frame_text); Image image(monitor->Width(), monitor->Height(), monitor->Colours(), monitor->SubpixelOrder()); image.Annotate(frame_text, image.centreCoord(frame_text)); @@ -261,8 +262,8 @@ bool StreamBase::sendTextFrame( const char *frame_text ) { image.EncodeJpeg(buffer, &n_bytes); - fputs("--ZoneMinderFrame\r\nContent-Type: image/jpeg\r\n\r\n", stdout); - fprintf(stdout, "Content-Length: %d\r\n", n_bytes); + fputs("--ZoneMinderFrame\r\nContent-Type: image/jpeg\r\n", stdout); + fprintf(stdout, "Content-Length: %d\r\n\r\n", n_bytes); if ( fwrite(buffer, n_bytes, 1, stdout) != 1 ) { Error("Unable to send stream text frame: %s", strerror(errno)); return false; From e5c194e9ee12c8f1faecd8874fea4d1de9bef3c0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 12:22:04 -0400 Subject: [PATCH 322/360] Fix return 403 status code --- src/zms.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/zms.cpp b/src/zms.cpp index 9022fa00c..544aa9936 100644 --- a/src/zms.cpp +++ b/src/zms.cpp @@ -211,17 +211,17 @@ int main(int argc, const char *argv[]) { } } if ( !user ) { - fputs("HTTP/1.0 401 Unauthorized\r\n", stdout); + fputs("HTTP/1.0 403 Forbidden\r\n\r\n", stdout); Error("Unable to authenticate user"); logTerm(); zmDbClose(); - return -1; + return 0; } if ( !ValidateAccess(user, monitor_id) ) { - fputs("HTTP/1.0 403 Forbidden\r\n", stdout); + fputs("HTTP/1.0 403 Forbidden\r\n\r\n", stdout); logTerm(); zmDbClose(); - return -1; + return 0; } } // end if config.opt_use_auth From 4b89ced889bd17b94a2e9080134abcc2e458ede5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 12:24:36 -0400 Subject: [PATCH 323/360] Warn about waiting more than .5s instead of .1 --- src/zm_eventstream.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index f9791474d..36e8d097d 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -973,12 +973,12 @@ void EventStream::runStream() { (base_fps?base_fps:1), (replay_rate?abs(replay_rate*2):200) ); - if ( delta_us > 0 and delta_us < 100000 ) { + if ( delta_us > 0 and delta_us < 500000 ) { usleep(delta_us); } else { // Never want to sleep for too long, limit to .1s - Warning("sleeping .1s because delta_us (%d) not good!", delta_us); - usleep(100000); + Warning("sleeping .5s because delta_us (%d) not good!", delta_us); + usleep(500000); } } // end if !paused } // end while ! zm_terminate From 8167ff21438d0e6015dccf4ddb7c68de9221a218 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 26 Jul 2019 12:28:02 -0400 Subject: [PATCH 324/360] fix eslint --- web/skins/classic/views/js/download.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/web/skins/classic/views/js/download.js b/web/skins/classic/views/js/download.js index 55a256795..717ab76de 100644 --- a/web/skins/classic/views/js/download.js +++ b/web/skins/classic/views/js/download.js @@ -26,14 +26,14 @@ function exportProgress() { } } -function exportResponse( respObj, respText ) { +function exportResponse(respObj, respText) { console.log(respObj); window.location.replace( - thisUrl+'?view='+currentView+'&'+eidParm - +'&exportFormat='+respObj.exportFormat - +'&exportFile='+respObj.exportFile - +'&generated='+((respObj.result=='Ok')?1:0) - +'&connkey='+connkey + thisUrl+'?view='+currentView+'&'+eidParm + +'&exportFormat='+respObj.exportFormat + +'&exportFile='+respObj.exportFile + +'&generated='+((respObj.result=='Ok')?1:0) + +'&connkey='+connkey ); } From 5a93150f5bb3cea41caeb430a5b79a2a1e898292 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 29 Jul 2019 14:54:36 -0400 Subject: [PATCH 325/360] Use isset when testing for existence of authash in session --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b6213e061..652ef3c98 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -377,7 +377,7 @@ if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS and (ZM_AUTH_RELAY == 'hashed') ) { # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. # This prevent session modification to switch users - if ( $_SESSION['AuthHash'.$_SESSION['remoteAddr']] ) + if ( isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); } else { # Need to refresh permissions and validate that the user still exists From 7f19831e0c71bf39bd89d4b7f50680806e949983 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 29 Jul 2019 14:54:55 -0400 Subject: [PATCH 326/360] Use isset when testing for existence of authash in session --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b6213e061..652ef3c98 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -377,7 +377,7 @@ if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS and (ZM_AUTH_RELAY == 'hashed') ) { # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. # This prevent session modification to switch users - if ( $_SESSION['AuthHash'.$_SESSION['remoteAddr']] ) + if ( isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); } else { # Need to refresh permissions and validate that the user still exists From 48ad8d47fcb29fee88568c0b77ba3010ec5e16f4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 31 Jul 2019 11:23:02 -0400 Subject: [PATCH 327/360] Add capture_max_fps to monitor object instead of just calculating the delay. --- src/zm_monitor.cpp | 23 ++++++++++++++++++----- src/zm_monitor.h | 3 +++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index fda0f5709..7e4e7a333 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -302,6 +302,7 @@ Monitor::Monitor( int p_min_section_length, int p_frame_skip, int p_motion_frame_skip, + double p_capture_max_fps, double p_analysis_fps, unsigned int p_analysis_update_delay, int p_capture_delay, @@ -342,6 +343,7 @@ Monitor::Monitor( min_section_length( p_min_section_length ), frame_skip( p_frame_skip ), motion_frame_skip( p_motion_frame_skip ), + capture_max_fps( p_capture_max_fps ), analysis_fps( p_analysis_fps ), analysis_update_delay( p_analysis_update_delay ), capture_delay( p_capture_delay ), @@ -891,16 +893,19 @@ double Monitor::GetFPS() const { double time_diff = tvDiffSec( time2, time1 ); if ( ! time_diff ) { - Error( "No diff between time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count ); + Error("No diff between time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", + time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count); return 0.0; } double curr_fps = image_count/time_diff; if ( curr_fps < 0.0 ) { - Error( "Negative FPS %f, time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", curr_fps, time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count ); + Error("Negative FPS %f, time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", + curr_fps, time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count); return 0.0; } else { - Debug( 2, "GetFPS %f, time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", curr_fps, time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count ); + Debug(2, "GetFPS %f, time_diff = %lf (%d:%ld.%ld - %d:%ld.%ld), ibc: %d", + curr_fps, time_diff, index2, time2.tv_sec, time2.tv_usec, index1, time1.tv_sec, time1.tv_usec, image_buffer_count); } return curr_fps; } @@ -1835,7 +1840,10 @@ void Monitor::Reload() { motion_frame_skip = atoi(dbrow[index++]); analysis_fps = dbrow[index] ? strtod(dbrow[index], NULL) : 0; index++; analysis_update_delay = strtoul(dbrow[index++], NULL, 0); - capture_delay = (dbrow[index]&&atof(dbrow[index])>0.0)?int(DT_PREC_3/atof(dbrow[index])):0; index++; + + capture_max_fps = dbrow[index] ? atof(dbrow[index]) : 0.0; index++; + capture_delay = ( capture_max_fps > 0.0 ) ? int(DT_PREC_3/capture_max_fps) : 0; + alarm_capture_delay = (dbrow[index]&&atof(dbrow[index])>0.0)?int(DT_PREC_3/atof(dbrow[index])):0; index++; fps_report_interval = atoi(dbrow[index++]); ref_blend_perc = atoi(dbrow[index++]); @@ -2064,7 +2072,11 @@ Monitor *Monitor::Load(MYSQL_ROW dbrow, bool load_zones, Purpose purpose) { double analysis_fps = dbrow[col] ? strtod(dbrow[col], NULL) : 0; col++; unsigned int analysis_update_delay = strtoul(dbrow[col++], NULL, 0); - double capture_delay = (dbrow[col]&&atof(dbrow[col])>0.0)?int(DT_PREC_3/atof(dbrow[col])):0; col++; + + double capture_max_fps = dbrow[col] ? atof(dbrow[col]) : 0.0; col++; + double capture_delay = ( capture_max_fps > 0.0 ) ? int(DT_PREC_3/capture_max_fps) : 0; + + Debug(1,"Capture Delay!? %.3f", capture_delay); unsigned int alarm_capture_delay = (dbrow[col]&&atof(dbrow[col])>0.0)?int(DT_PREC_3/atof(dbrow[col])):0; col++; const char *device = dbrow[col]; col++; @@ -2338,6 +2350,7 @@ Monitor *Monitor::Load(MYSQL_ROW dbrow, bool load_zones, Purpose purpose) { min_section_length, frame_skip, motion_frame_skip, + capture_max_fps, analysis_fps, analysis_update_delay, capture_delay, diff --git a/src/zm_monitor.h b/src/zm_monitor.h index 37efec69a..046f20c5a 100644 --- a/src/zm_monitor.h +++ b/src/zm_monitor.h @@ -279,6 +279,7 @@ protected: bool adaptive_skip; // Whether to use the newer adaptive algorithm for this monitor int frame_skip; // How many frames to skip in continuous modes int motion_frame_skip; // How many frames to skip in motion detection + double capture_max_fps; // Target Capture FPS double analysis_fps; // Target framerate for video analysis unsigned int analysis_update_delay; // How long we wait before updating analysis parameters int capture_delay; // How long we wait between capture frames @@ -390,6 +391,7 @@ public: int p_min_section_length, int p_frame_skip, int p_motion_frame_skip, + double p_capture_max_fps, double p_analysis_fps, unsigned int p_analysis_update_delay, int p_capture_delay, @@ -473,6 +475,7 @@ public: void UpdateAdaptiveSkip(); useconds_t GetAnalysisRate(); unsigned int GetAnalysisUpdateDelay() const { return analysis_update_delay; } + unsigned int GetCaptureMaxFPS() const { return capture_max_fps; } int GetCaptureDelay() const { return capture_delay; } int GetAlarmCaptureDelay() const { return alarm_capture_delay; } unsigned int GetLastReadIndex() const; From 90cb5d018aadd35a730e8421b2adf51b4b88846d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 31 Jul 2019 11:42:38 -0400 Subject: [PATCH 328/360] Fix 2673 (#2675) * Change MaxFPS to DECIMAL(5,3) to handle values like 1/60 = 0.017 * When fps < 1 we may need to wait longer than 10s. Also, we cannot sleep for a long time, because we may need to send a keep alive or check the command queue. So limit the sleep to 1s * Bump version * Update MaxFPS to Decimal(5,3) * Fix missing ; --- db/zm_create.sql.in | 2 +- db/zm_update-1.33.13.sql | 6 +++ src/zm_monitorstream.cpp | 86 ++++++++++++++++++++++++++++------------ version | 2 +- 4 files changed, 68 insertions(+), 28 deletions(-) create mode 100644 db/zm_update-1.33.13.sql diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index d1952f66a..ed81489da 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -413,7 +413,7 @@ CREATE TABLE `MonitorPresets` ( `Width` smallint(5) unsigned default NULL, `Height` smallint(5) unsigned default NULL, `Palette` int(10) unsigned default NULL, - `MaxFPS` decimal(5,2) default NULL, + `MaxFPS` decimal(5,3) default NULL, `Controllable` tinyint(3) unsigned NOT NULL default '0', `ControlId` varchar(16) default NULL, `ControlDevice` varchar(255) default NULL, diff --git a/db/zm_update-1.33.13.sql b/db/zm_update-1.33.13.sql new file mode 100644 index 000000000..8114205c0 --- /dev/null +++ b/db/zm_update-1.33.13.sql @@ -0,0 +1,6 @@ +-- +-- Add primary keys for Logs and Stats tables +-- + +SELECT "Modifying Monitors MaxFPS to DECIMAL(5,3)"; +ALTER TABLE `Monitors` MODIFY `MaxFPS` decimal(5,3) default NULL; diff --git a/src/zm_monitorstream.cpp b/src/zm_monitorstream.cpp index 264749201..15406c456 100644 --- a/src/zm_monitorstream.cpp +++ b/src/zm_monitorstream.cpp @@ -27,6 +27,8 @@ #include #include +const int MAX_SLEEP_USEC=1000000; // 1 sec + bool MonitorStream::checkSwapPath(const char *path, bool create_path) { struct stat stat_buf; @@ -416,20 +418,21 @@ bool MonitorStream::sendFrame(Image *image, struct timeval *timestamp) { } return false; } - fputs("\r\n\r\n",stdout); - fflush( stdout ); + fputs("\r\n\r\n", stdout); + fflush(stdout); struct timeval frameEndTime; - gettimeofday( &frameEndTime, NULL ); + gettimeofday(&frameEndTime, NULL); - int frameSendTime = tvDiffMsec( frameStartTime, frameEndTime ); + int frameSendTime = tvDiffMsec(frameStartTime, frameEndTime); if ( frameSendTime > 1000/maxfps ) { maxfps /= 1.5; - Warning("Frame send time %d msec too slow, throttling maxfps to %.2f", frameSendTime, maxfps); + Warning("Frame send time %d msec too slow, throttling maxfps to %.2f", + frameSendTime, maxfps); } } - last_frame_sent = TV_2_FLOAT( now ); - return( true ); + last_frame_sent = TV_2_FLOAT(now); + return true; } // end bool MonitorStream::sendFrame( Image *image, struct timeval *timestamp ) void MonitorStream::runStream() { @@ -515,16 +518,33 @@ void MonitorStream::runStream() { } // end if connkey & playback_buffer float max_secs_since_last_sent_frame = 10.0; //should be > keep alive amount (5 secs) + // if MaxFPS < 0 as in 1/60 = 0.017 then we won't get another frame for 60 sec. + double capture_fps = monitor->GetFPS(); + double capture_max_fps = monitor->GetCaptureMaxFPS(); + if ( capture_max_fps && ( capture_fps > capture_max_fps ) ) { + Debug(1, "Using %.3f for fps instead of current fps %.3f", capture_max_fps, capture_fps); + capture_fps = capture_max_fps; + } + + if ( capture_fps < 1 ) { + max_secs_since_last_sent_frame = 10/capture_fps; + Debug(1, "Adjusting max_secs_since_last_sent_frame to %.2f from current fps %.2f", + max_secs_since_last_sent_frame, monitor->GetFPS()); + } else { + Debug(1, "Not Adjusting max_secs_since_last_sent_frame to %.2f from current fps %.2f", + max_secs_since_last_sent_frame, monitor->GetFPS()); + } + while ( !zm_terminate ) { bool got_command = false; if ( feof(stdout) ) { - Debug(2,"feof stdout"); + Debug(2, "feof stdout"); break; } else if ( ferror(stdout) ) { - Debug(2,"ferror stdout"); + Debug(2, "ferror stdout"); break; } else if ( !monitor->ShmValid() ) { - Debug(2,"monitor not valid.... maybe we should wait until it comes back."); + Debug(2, "monitor not valid.... maybe we should wait until it comes back."); break; } @@ -547,12 +567,12 @@ void MonitorStream::runStream() { if ( paused ) { if ( !was_paused ) { int index = monitor->shared_data->last_write_index % monitor->image_buffer_count; - Debug(1,"Saving paused image from index %d",index); - paused_image = new Image( *monitor->image_buffer[index].image ); + Debug(1, "Saving paused image from index %d",index); + paused_image = new Image(*monitor->image_buffer[index].image); paused_timestamp = *(monitor->image_buffer[index].timestamp); } } else if ( paused_image ) { - Debug(1,"Clearing paused_image"); + Debug(1, "Clearing paused_image"); delete paused_image; paused_image = NULL; } @@ -560,7 +580,7 @@ void MonitorStream::runStream() { if ( buffered_playback && delayed ) { if ( temp_read_index == temp_write_index ) { // Go back to live viewing - Debug( 1, "Exceeded temporary streaming buffer" ); + Debug(1, "Exceeded temporary streaming buffer"); // Clear paused flag paused = false; // Clear delayed_play flag @@ -611,10 +631,10 @@ void MonitorStream::runStream() { //paused? int temp_index = MOD_ADD(temp_read_index, 0, temp_image_buffer_count); - double actual_delta_time = TV_2_FLOAT( now ) - last_frame_sent; - if ( got_command || actual_delta_time > 5 ) { + double actual_delta_time = TV_2_FLOAT( now ) - last_frame_sent; + if ( got_command || actual_delta_time > 5 ) { // Send keepalive - Debug( 2, "Sending keepalive frame %d", temp_index ); + Debug(2, "Sending keepalive frame %d", temp_index); // Send the next frame if ( !sendFrame( temp_image_buffer[temp_index].file_name, &temp_image_buffer[temp_index].timestamp ) ) zm_terminate = true; @@ -625,7 +645,7 @@ void MonitorStream::runStream() { if ( temp_read_index == temp_write_index ) { // Go back to live viewing - Warning( "Rewound over write index, resuming live play" ); + Warning("Rewound over write index, resuming live play"); // Clear paused flag paused = false; // Clear delayed_play flag @@ -638,7 +658,8 @@ void MonitorStream::runStream() { // have a new image to send int index = monitor->shared_data->last_write_index % monitor->image_buffer_count; // % shouldn't be neccessary last_read_index = monitor->shared_data->last_write_index; - Debug( 2, "index: %d: frame_mod: %d frame count: %d paused(%d) delayed(%d)", index, frame_mod, frame_count, paused, delayed ); + Debug(2, "index: %d: frame_mod: %d frame count: %d paused(%d) delayed(%d)", + index, frame_mod, frame_count, paused, delayed ); if ( (frame_mod == 1) || ((frame_count%frame_mod) == 0) ) { if ( !paused && !delayed ) { // Send the next frame @@ -655,18 +676,19 @@ void MonitorStream::runStream() { temp_read_index = temp_write_index; } else { + Debug(2, "Paused %d, delayed %d", paused, delayed); double actual_delta_time = TV_2_FLOAT(now) - last_frame_sent; if ( actual_delta_time > 5 ) { if ( paused_image ) { // Send keepalive - Debug(2, "Sending keepalive frame "); + Debug(2, "Sending keepalive frame because delta time %.2f > 5", actual_delta_time); // Send the next frame if ( !sendFrame(paused_image, &paused_timestamp) ) zm_terminate = true; } else { Debug(2, "Would have sent keepalive frame, but had no paused_image "); } - } + } } } // end if should send frame @@ -698,11 +720,17 @@ void MonitorStream::runStream() { } // end if buffered playback frame_count++; } else { - Debug(4,"Waiting for capture last_write_index=%u", monitor->shared_data->last_write_index); + Debug(3, "Waiting for capture last_write_index=%u", monitor->shared_data->last_write_index); } // end if ( (unsigned int)last_read_index != monitor->shared_data->last_write_index ) unsigned long sleep_time = (unsigned long)((1000000 * ZM_RATE_BASE)/((base_fps?base_fps:1)*abs(replay_rate*2))); - Debug(4, "Sleeping for (%d)", sleep_time); + Debug(3, "Sleeping for (%d)", sleep_time); + + if ( sleep_time > MAX_SLEEP_USEC ) { + // Shouldn't sleep for long because we need to check command queue, etc. + sleep_time = MAX_SLEEP_USEC; + } + Debug(3, "Sleeping for %dus", sleep_time); usleep(sleep_time); if ( ttl ) { if ( (now.tv_sec - stream_start_time) > ttl ) { @@ -713,9 +741,15 @@ void MonitorStream::runStream() { if ( ! last_frame_sent ) { // If we didn't capture above, because frame_mod was bad? Then last_frame_sent will not have a value. last_frame_sent = now.tv_sec; - Warning( "no last_frame_sent. Shouldn't happen. frame_mod was (%d) frame_count (%d) ", frame_mod, frame_count ); - } else if ( (!paused) && ( (TV_2_FLOAT( now ) - last_frame_sent) > max_secs_since_last_sent_frame ) ) { - Error( "Terminating, last frame sent time %f secs more than maximum of %f", TV_2_FLOAT( now ) - last_frame_sent, max_secs_since_last_sent_frame ); + Warning("no last_frame_sent. Shouldn't happen. frame_mod was (%d) frame_count (%d) ", + frame_mod, frame_count); + } else if ( + (!paused) + && + ( (TV_2_FLOAT(now) - last_frame_sent) > max_secs_since_last_sent_frame ) + ) { + Error("Terminating, last frame sent time %f secs more than maximum of %f", + TV_2_FLOAT(now) - last_frame_sent, max_secs_since_last_sent_frame); break; } } // end while diff --git a/version b/version index 325da8275..91a50ee09 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.12 +1.33.13 From 14ed777eebf0ccdcfaa071c12724d16794e4a0fe Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 31 Jul 2019 17:17:54 -0400 Subject: [PATCH 329/360] fix segfault when debbing is turned on for zma --- src/zm_monitor.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 7e4e7a333..787ff5e34 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -1530,7 +1530,7 @@ bool Monitor::Analyse() { Info("%s: %03d - Closing event %" PRIu64 ", continuous end, alarm begins", name, image_count, event->Id()); closeEvent(); - } else { + } else if ( event ) { // This is so if we need more than 1 alarm frame before going into alarm, so it is basically if we have enough alarm frames Debug(3, "pre-alarm-count in event %d, event frames %d, alarm frames %d event length %d >=? %d", Event::PreAlarmCount(), event->Frames(), event->AlarmFrames(), From 479e7c290c7bd7f0f71d9b4026d601370253b7d4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 1 Aug 2019 09:51:03 -0400 Subject: [PATCH 330/360] cosmic is unsupported, don't build for it by default --- utils/do_debian_package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/do_debian_package.sh b/utils/do_debian_package.sh index 7addf8362..f80bc520c 100755 --- a/utils/do_debian_package.sh +++ b/utils/do_debian_package.sh @@ -80,7 +80,7 @@ fi; if [ "$DISTROS" == "" ]; then if [ "$RELEASE" != "" ]; then - DISTROS="xenial,bionic,cosmic,disco,trusty" + DISTROS="xenial,bionic,disco,trusty" else DISTROS=`lsb_release -a 2>/dev/null | grep Codename | awk '{print $2}'`; fi; From 6a9464044b674d8ccaa3b3c3bf56ef240d463fef Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 2 Aug 2019 08:03:02 -0400 Subject: [PATCH 331/360] Demote warnings about fixing non-monotonic dts to debug --- src/zm_videostore.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zm_videostore.cpp b/src/zm_videostore.cpp index 563c06be8..8ea93047d 100644 --- a/src/zm_videostore.cpp +++ b/src/zm_videostore.cpp @@ -1010,7 +1010,7 @@ int VideoStore::writeVideoFramePacket(AVPacket *ipkt) { # if 1 if ( opkt.dts < video_out_stream->cur_dts ) { - Warning("Fixing non-monotonic dts/pts dts %" PRId64 " pts %" PRId64 " stream %" PRId64, + Debug(1, "Fixing non-monotonic dts/pts dts %" PRId64 " pts %" PRId64 " stream %" PRId64, opkt.dts, opkt.pts, video_out_stream->cur_dts); opkt.dts = video_out_stream->cur_dts; if ( opkt.dts > opkt.pts ) { From 7e6b0058d2ed80012db2b752c1d21c499edd3292 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 2 Aug 2019 08:04:38 -0400 Subject: [PATCH 332/360] Update Zone buttons. Fix double submit. Fixes #2671 --- web/includes/actions/zone.php | 2 +- web/skins/classic/views/js/zone.js | 4 +-- web/skins/classic/views/zone.php | 40 ++++++++++++++++-------------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/web/includes/actions/zone.php b/web/includes/actions/zone.php index 692dcf11d..cc7db0226 100644 --- a/web/includes/actions/zone.php +++ b/web/includes/actions/zone.php @@ -44,7 +44,7 @@ if ( !empty($_REQUEST['mid']) && canEdit('Monitors', $_REQUEST['mid']) ) { $_REQUEST['newZone']['MaxBlobPixels'] = intval(($_REQUEST['newZone']['MaxBlobPixels']*$_REQUEST['newZone']['Area'])/100); } - unset( $_REQUEST['newZone']['Points'] ); + unset($_REQUEST['newZone']['Points']); # convert these fields to integer e.g. NULL -> 0 $types = array( diff --git a/web/skins/classic/views/js/zone.js b/web/skins/classic/views/js/zone.js index cf80e8f03..8ed5d4544 100644 --- a/web/skins/classic/views/js/zone.js +++ b/web/skins/classic/views/js/zone.js @@ -371,8 +371,8 @@ function updateY( index ) { function saveChanges( element ) { var form = element.form; - if ( validateForm( form ) ) { - submitForm( form ); + if ( validateForm(form) ) { + submitForm(form); if ( form.elements['newZone[Type]'].value == 'Privacy' ) { alert( 'Capture process for this monitor will be restarted for the Privacy zone changes to take effect.' ); } diff --git a/web/skins/classic/views/zone.php b/web/skins/classic/views/zone.php index 5f03580f7..ea4ad990c 100644 --- a/web/skins/classic/views/zone.php +++ b/web/skins/classic/views/zone.php @@ -63,7 +63,7 @@ $maxY = $monitor->Height()-1; if ( !isset($newZone) ) { if ( $zid > 0 ) { - $zone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id=?', NULL, array( $monitor->Id(), $zid ) ); + $zone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id=?', NULL, array($monitor->Id(), $zid)); } else { $zone = array( 'Id' => 0, @@ -98,23 +98,23 @@ if ( !isset($newZone) ) { } # end if new Zone # Ensure Zone fits within the limits of the Monitor -limitPoints( $newZone['Points'], $minX, $minY, $maxX, $maxY ); +limitPoints($newZone['Points'], $minX, $minY, $maxX, $maxY); -ksort( $newZone['Points'], SORT_NUMERIC ); +ksort($newZone['Points'], SORT_NUMERIC); -$newZone['Coords'] = pointsToCoords( $newZone['Points'] ); -$newZone['Area'] = getPolyArea( $newZone['Points'] ); -$newZone['AreaCoords'] = preg_replace( '/\s+/', ',', $newZone['Coords'] ); -$selfIntersecting = isSelfIntersecting( $newZone['Points'] ); +$newZone['Coords'] = pointsToCoords($newZone['Points']); +$newZone['Area'] = getPolyArea($newZone['Points']); +$newZone['AreaCoords'] = preg_replace('/\s+/', ',', $newZone['Coords']); +$selfIntersecting = isSelfIntersecting($newZone['Points']); $focusWindow = true; $connkey = generateConnKey(); $streamSrc = ''; $streamMode = ''; # Have to do this here, because the .js.php references somethings figured out when generating the streamHTML -$StreamHTML = getStreamHTML( $monitor, array('scale'=>$scale) ); +$StreamHTML = getStreamHTML($monitor, array('scale'=>$scale)); -xhtmlHeaders(__FILE__, translate('Zone') ); +xhtmlHeaders(__FILE__, translate('Zone')); ?>
@@ -132,7 +132,7 @@ xhtmlHeaders(__FILE__, translate('Zone') );
- +
@@ -162,7 +162,7 @@ xhtmlHeaders(__FILE__, translate('Zone') ); - + @@ -216,14 +216,14 @@ xhtmlHeaders(__FILE__, translate('Zone') ); Id(), $zone['Id'] ) ); + $other_zones = dbFetchAll('SELECT * FROM Zones WHERE MonitorId = ? AND Id != ?', NULL, array($monitor->Id(), $zone['Id'])); } else { - $other_zones = dbFetchAll( 'SELECT * FROM Zones WHERE MonitorId = ?', NULL, array( $monitor->Id() ) ); + $other_zones = dbFetchAll('SELECT * FROM Zones WHERE MonitorId = ?', NULL, array($monitor->Id())); } -if ( count( $other_zones ) ) { +if ( count($other_zones) ) { $html = ''; - foreach( $other_zones as $other_zone ) { - $other_zone['AreaCoords'] = preg_replace( '/\s+/', ',', $other_zone['Coords'] ); + foreach ( $other_zones as $other_zone ) { + $other_zone['AreaCoords'] = preg_replace('/\s+/', ',', $other_zone['Coords']); $html .= ''; } echo $html; @@ -267,9 +267,11 @@ for ( $i = 0; $i < $pointCols; $i++ ) {
- - disabled="disabled"/> - + + +
From 26720192eac08164c09577fa5e24ebdd1c2095fe Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 6 Aug 2019 20:30:06 -0400 Subject: [PATCH 333/360] bumpv ersion for copy to filtet code --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index 91a50ee09..bd9492a0b 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.33.13 +1.33.14 From 78e49cd2cbe6004553e221bf1ef7b6118a2ae8a0 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 7 Aug 2019 09:39:28 -0500 Subject: [PATCH 334/360] Update debian.rst fixes #2679 --- docs/installationguide/debian.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/installationguide/debian.rst b/docs/installationguide/debian.rst index 1c85e704c..74a9ca81d 100644 --- a/docs/installationguide/debian.rst +++ b/docs/installationguide/debian.rst @@ -189,11 +189,17 @@ Add the following to the bottom of the file :: # Backports repository - deb http://httpredir.debian.org/debian jessie-backports main contrib non-free + deb http://archive.debian.org/debian/ jessie-backports main contrib non-free CTRL+o and to save CTRL+x to exit +Run the following + +:: + + echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until + **Step 5:** Install ZoneMinder :: From 5cc6b6b0af52a7188cada9ee5d22a629cee35cd9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 7 Aug 2019 11:15:50 -0400 Subject: [PATCH 335/360] Fix EIMOD substitution --- scripts/zmfilter.pl.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index 5cba8f1d4..074cba1b5 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -642,7 +642,7 @@ sub substituteTags { my $Monitor = $Event->Monitor() if $need_monitor; # Do we need the image information too? - my $need_images = $text =~ /%(?:EPI1|EPIM|EI1|EIM|EI1A|EIMA)%/; + my $need_images = $text =~ /%(?:EPI1|EPIM|EI1|EIM|EI1A|EIMA|EIMOD)%/; my $first_alarm_frame; my $max_alarm_frame; my $max_alarm_score = 0; From fb7ab993b5258ba34d9996e204d8e292f6a6d5fa Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 7 Aug 2019 15:34:30 -0400 Subject: [PATCH 336/360] Have to include the --daemon param when telling zmdc.pl what to do with zmfilter.pl --- web/includes/Filter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/Filter.php b/web/includes/Filter.php index d59ecda7c..ae41be4f4 100644 --- a/web/includes/Filter.php +++ b/web/includes/Filter.php @@ -124,7 +124,7 @@ class Filter extends ZM_Object { if ( !defined('ZM_SERVER_ID') or !$Server->Id() or ZM_SERVER_ID==$Server->Id() ) { # Local Logger::Debug("Controlling filter locally $command for server ".$Server->Id()); - daemonControl($command, 'zmfilter.pl', '--filter_id='.$this->{'Id'}); + daemonControl($command, 'zmfilter.pl', '--filter_id='.$this->{'Id'}.' --daemon'); } else { # Remote case From fb414b3f19de38e672bf6cf8a2d97c8758fd9435 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 7 Aug 2019 15:34:45 -0400 Subject: [PATCH 337/360] remove debug statements --- web/skins/classic/views/filter.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index 2f159230e..0c078daf0 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -45,9 +45,6 @@ if ( !$filter ) { $filter = new ZM\Filter(); } -ZM\Logger::Debug("Query: " . $filter->Query_json()); -ZM\Logger::Debug("Query: " . print_r($filter->Query(), true)); - if ( isset($_REQUEST['filter']) ) { # Update our filter object with whatever changes we have made before saving #$filter->set($_REQUEST['filter']); From bf6170bf618aef2a3690606a958dacc9a35e01d9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 7 Aug 2019 15:47:12 -0400 Subject: [PATCH 338/360] Test for values in aws url and give better errors if Url empty. Don't append events dir to S3 bucket path --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 102 +++++++++++---------- 1 file changed, 54 insertions(+), 48 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index fd1c8297d..0fc43f24a 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -573,55 +573,61 @@ sub CopyTo { my $moved = 0; if ( $$NewStorage{Type} eq 's3fs' ) { - my ( $aws_id, $aws_secret, $aws_host, $aws_bucket ) = ( $$NewStorage{Url} =~ /^\s*([^:]+):([^@]+)@([^\/]*)\/(.+)\s*$/ ); - eval { - require Net::Amazon::S3; - require File::Slurp; - my $s3 = Net::Amazon::S3->new( { - aws_access_key_id => $aws_id, - aws_secret_access_key => $aws_secret, - ( $aws_host ? ( host => $aws_host ) : () ), - }); - my $bucket = $s3->bucket($aws_bucket); - if ( ! $bucket ) { - Error("S3 bucket $bucket not found."); - die; + if ( $$NewStorage{Url} ) { + my ( $aws_id, $aws_secret, $aws_host, $aws_bucket ) = ( $$NewStorage{Url} =~ /^\s*([^:]+):([^@]+)@([^\/]*)\/(.+)\s*$/ ); + if ( $aws_id and $aws_secret and $aws_host and $aws_bucket ) { + eval { + require Net::Amazon::S3; + require File::Slurp; + my $s3 = Net::Amazon::S3->new( { + aws_access_key_id => $aws_id, + aws_secret_access_key => $aws_secret, + ( $aws_host ? ( host => $aws_host ) : () ), + }); + my $bucket = $s3->bucket($aws_bucket); + if ( !$bucket ) { + Error("S3 bucket $bucket not found."); + die; + } + + my $event_path = $self->RelativePath(); + Debug("Making directory $event_path/"); + if ( ! $bucket->add_key($event_path.'/', '') ) { + die "Unable to add key for $event_path/"; + } + + my @files = glob("$OldPath/*"); + Debug("Files to move @files"); + foreach my $file ( @files ) { + next if $file =~ /^\./; + ( $file ) = ( $file =~ /^(.*)$/ ); # De-taint + my $starttime = [gettimeofday]; + Debug("Moving file $file to $NewPath"); + my $size = -s $file; + if ( ! $size ) { + Info('Not moving file with 0 size'); + } + my $file_contents = File::Slurp::read_file($file); + if ( ! $file_contents ) { + die 'Loaded empty file, but it had a size. Giving up'; + } + + my $filename = $event_path.'/'.File::Basename::basename($file); + if ( ! $bucket->add_key($filename, $file_contents) ) { + die "Unable to add key for $filename"; + } + my $duration = tv_interval($starttime); + Debug('PUT to S3 ' . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . Number::Bytes::Human::format_bytes($duration?$size/$duration:$size) . '/sec'); + } # end foreach file. + + $moved = 1; + }; + Error($@) if $@; + } else { + Error("Unable to parse S3 Url into it's component parts."); } - - my $event_path = 'events/'.$self->RelativePath(); - Debug("Making directory $event_path/"); - if ( ! $bucket->add_key( $event_path.'/','' ) ) { - die "Unable to add key for $event_path/"; - } - - my @files = glob("$OldPath/*"); - Debug("Files to move @files"); - for my $file (@files) { - next if $file =~ /^\./; - ( $file ) = ( $file =~ /^(.*)$/ ); # De-taint - my $starttime = [gettimeofday]; - Debug("Moving file $file to $NewPath"); - my $size = -s $file; - if ( ! $size ) { - Info('Not moving file with 0 size'); - } - my $file_contents = File::Slurp::read_file($file); - if ( ! $file_contents ) { - die 'Loaded empty file, but it had a size. Giving up'; - } - - my $filename = $event_path.'/'.File::Basename::basename($file); - if ( ! $bucket->add_key($filename, $file_contents) ) { - die "Unable to add key for $filename"; - } - my $duration = tv_interval($starttime); - Debug('PUT to S3 ' . Number::Bytes::Human::format_bytes($size) . " in $duration seconds = " . Number::Bytes::Human::format_bytes($duration?$size/$duration:$size) . '/sec'); - } # end foreach file. - - $moved = 1; - }; - Error($@) if $@; - die $@ if $@; + #die $@ if $@; + } # end if Url } # end if s3 my $error = ''; From 3a142df14f6fca1adb4ab16e59f12981965d0c5a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 7 Aug 2019 15:51:01 -0400 Subject: [PATCH 339/360] Only send zmdc.pl commands for filters to running servers --- web/includes/Filter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/Filter.php b/web/includes/Filter.php index ae41be4f4..fbe877d7e 100644 --- a/web/includes/Filter.php +++ b/web/includes/Filter.php @@ -114,7 +114,7 @@ class Filter extends ZM_Object { } public function control($command, $server_id=null) { - $Servers = $server_id ? Server::find(array('Id'=>$server_id)) : Server::find(); + $Servers = $server_id ? Server::find(array('Id'=>$server_id)) : Server::find(array('Status'=>'Running')); if ( !count($Servers) and !$server_id ) { # This will be the non-multi-server case $Servers = array(new Server()); From c5d2aab80aa63bfb8d3ea7fe67f54a694fa43f59 Mon Sep 17 00:00:00 2001 From: Tsaukpaetra Date: Thu, 8 Aug 2019 05:47:23 -0700 Subject: [PATCH 340/360] Update faq.rst (#2680) Add new entry for timezone-related issue --- docs/faq.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/faq.rst b/docs/faq.rst index a703fd065..5b8c97f5c 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -646,6 +646,23 @@ Why am I getting broken images when trying to view events? Zoneminder and the Apache web server need to have the right permissions. Check this forum topic and similar ones: http://www.zoneminder.com/forums/viewtopic.php?p=48754#48754 + +I can review events for the current day, but ones from yesterday and beyond error out +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you've checked that the `www-data` user has permissions to the storage folders, perhaps your php.ini's timezone setting is incorrect. They _must_ match for certain playback functions. + +If you're using Linux, this can be found using the following command: :: + + timedatectl | grep "Time zone" + +If using FreeBSD, you can use this one-liner: :: + + cd /usr/share/zoneinfo/ && find * -type f -exec cmp -s {} /etc/localtime \; -print; + +Once you know what timezone your system is set to, open `/etc/php.ini` and adjust ``date.timezone`` to the appropriate value. the PHP daemon may need to be restarted for changes to take effect. + + Why is the image from my color camera appearing in black and white? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you recently upgraded to zoneminder 1.26, there is a per camera option that defaults to black and white and can be mis-set if your upgrade didn't happen right. See this thread: http://www.zoneminder.com/forums/viewtopic.php?f=30&t=21344 @@ -728,6 +745,8 @@ What causes "Invalid JPEG file structure: two SOI markers" from zmc (1.24.x) Some settings that used to be global only are now per camera. On the Monitor Source tab, if you are using Remote Protocol "HTTP" and Remote Method "Simple", try changing Remote Method to "Regexp". + + Miscellaneous ------------------- I see ZoneMinder is licensed under the GPL. What does that allow or restrict me in doing with ZoneMinder? From 5b0509e000464200636d4c16922b894061d1eff8 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 09:26:00 -0400 Subject: [PATCH 341/360] When invalid operator terms, use print_r on the term instead of just the operator --- web/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 9e0655933..7dd4bbc0c 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1341,7 +1341,7 @@ function parseFilter(&$filter, $saveToSession=false, $querySep='&') { $filter['sql'] .= " IS NOT $value"; break; default: - ZM\Warning("Invalid operator in filter: " . $term['op'] ); + ZM\Warning('Invalid operator in filter: ' . print_r($term['op'], true)); } // end switch op $filter['query'] .= $querySep.urlencode("filter[Query][terms][$i][op]").'='.urlencode($term['op']); From 189252867931251ae457e4aa312fccc6e58ceb5b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 09:26:15 -0400 Subject: [PATCH 342/360] quotes --- web/includes/actions/filter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/actions/filter.php b/web/includes/actions/filter.php index 8548f21d1..2e1f282c7 100644 --- a/web/includes/actions/filter.php +++ b/web/includes/actions/filter.php @@ -42,7 +42,7 @@ if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { $filter->delete(); } else { - ZM\Error("No filter id passed when deleting"); + ZM\Error('No filter id passed when deleting'); } } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { From bb6d2631c93035086792e82d233eb99525e900e7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 09:26:40 -0400 Subject: [PATCH 343/360] Fix hwaccel compile on pi --- src/zm_ffmpeg_camera.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 8c61dfcff..0acdb6c1c 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -44,6 +44,7 @@ extern "C" { #if HAVE_LIBAVUTIL_HWCONTEXT_H +#if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) static enum AVPixelFormat hw_pix_fmt; static enum AVPixelFormat get_hw_format( AVCodecContext *ctx, @@ -94,6 +95,7 @@ static enum AVPixelFormat find_fmt_by_hw_type(const enum AVHWDeviceType type) { } #endif #endif +#endif FfmpegCamera::FfmpegCamera( int p_id, @@ -155,8 +157,10 @@ FfmpegCamera::FfmpegCamera( #if HAVE_LIBAVUTIL_HWCONTEXT_H hwFrame = NULL; hw_device_ctx = NULL; +#if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) hw_pix_fmt = AV_PIX_FMT_NONE; #endif +#endif #if HAVE_LIBSWSCALE mConvertContext = NULL; @@ -437,6 +441,8 @@ int FfmpegCamera::OpenFfmpeg() { if ( hwaccel_name != "" ) { #if HAVE_LIBAVUTIL_HWCONTEXT_H + // 3.2 doesn't seem to have all the bits in place, so let's require 3.3 and up +#if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) // Print out available types enum AVHWDeviceType type = AV_HWDEVICE_TYPE_NONE; while ( (type = av_hwdevice_iterate_types(type)) != AV_HWDEVICE_TYPE_NONE ) @@ -497,6 +503,9 @@ int FfmpegCamera::OpenFfmpeg() { } else { Debug(1, "Failed to setup hwaccel."); } +#else + Debug(1, "AVCodec not new enough for hwaccel"); +#endif #else Warning("HWAccel support not compiled in."); #endif @@ -946,6 +955,7 @@ int FfmpegCamera::CaptureAndRecord( if ( error_count > 0 ) error_count--; zm_dump_video_frame(mRawFrame); #if HAVE_LIBAVUTIL_HWCONTEXT_H +#if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) if ( (hw_pix_fmt != AV_PIX_FMT_NONE) && @@ -964,10 +974,13 @@ int FfmpegCamera::CaptureAndRecord( hwFrame->pts = mRawFrame->pts; input_frame = hwFrame; } else { +#endif #endif input_frame = mRawFrame; #if HAVE_LIBAVUTIL_HWCONTEXT_H +#if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) } +#endif #endif Debug(4, "Got frame %d", frameCount); From df285006d20a7c172679db956a6170b2a550acf9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 13:34:10 -0400 Subject: [PATCH 344/360] change sortHeader to include eid if it is in the request --- web/includes/functions.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 9e0655933..f5d7d443a 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1472,7 +1472,14 @@ function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&' function sortHeader( $field, $querySep='&' ) { global $view; - return '?view='.$view.$querySep.'page=1'.$_REQUEST['filter']['query'].$querySep.'sort_field='.$field.$querySep.'sort_asc='.($_REQUEST['sort_field'] == $field?!$_REQUEST['sort_asc']:0).$querySep.'limit='.validInt($_REQUEST['limit']); + return implode($querySep, array( + '?view='.$view, + 'page=1'.$_REQUEST['filter']['query'], + 'sort_field='.$field, + 'sort_asc='.($_REQUEST['sort_field'] == $field ? !$_REQUEST['sort_asc'] : 0), + 'limit='.validInt($_REQUEST['limit']), + ($_REQUEST['eid'] ? 'eid='.$_REQUEST['eid'] : '' ), + )); } function sortTag( $field ) { From 45b970fb0938aa8ebbefeb41a70cdde4b4bcba09 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 13:34:28 -0400 Subject: [PATCH 345/360] fix spacing --- web/skins/classic/views/frames.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 80d99fe3c..aec2f658b 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php @@ -39,7 +39,7 @@ if ( empty($_REQUEST['sort_field']) ) if ( !isset($_REQUEST['sort_asc']) ) $_REQUEST['sort_asc'] = true; -if( ! isset($_REQUEST['filter'])){ +if ( ! isset($_REQUEST['filter'])){ // generate a dummy filter from the eid for pagination $_REQUEST['filter'] = array('Query' => array( 'terms' => array( ) ) ); $_REQUEST['filter'] = addFilterTerm( @@ -53,7 +53,6 @@ parseSort(); parseFilter($_REQUEST['filter']); $filterQuery = $_REQUEST['filter']['query']; - if ( $_REQUEST['filter']['sql'] ) { $countSql .= $_REQUEST['filter']['sql']; $frameSql .= $_REQUEST['filter']['sql']; @@ -61,7 +60,6 @@ if ( $_REQUEST['filter']['sql'] ) { $frameSql .= " ORDER BY $sortColumn $sortOrder,Id $sortOrder"; - if ( isset( $_REQUEST['scale'] ) ) { $scale = validNum($_REQUEST['scale']); } else if ( isset( $_COOKIE['zmWatchScale'.$Monitor->Id()] ) ) { @@ -75,7 +73,7 @@ if ( isset( $_REQUEST['scale'] ) ) { $page = isset($_REQUEST['page']) ? validInt($_REQUEST['page']) : 1; $limit = isset($_REQUEST['limit']) ? validInt($_REQUEST['limit']) : 0; -$nFrames = dbFetchOne($countSql, 'FrameCount' ); +$nFrames = dbFetchOne($countSql, 'FrameCount'); if ( !empty($limit) && ($nFrames > $limit) ) { $nFrames = $limit; From 5f77634acaa98d77e04049ad0fda7a60397350ed Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 13:51:56 -0400 Subject: [PATCH 346/360] Update Group object to use shared code in Object.php. Should fix #2659 --- web/includes/Group.php | 139 +++-------------------------------------- 1 file changed, 8 insertions(+), 131 deletions(-) diff --git a/web/includes/Group.php b/web/includes/Group.php index 018eca501..c188b553f 100644 --- a/web/includes/Group.php +++ b/web/includes/Group.php @@ -1,127 +1,21 @@ null, 'Name' => '', 'ParentId' => null, ); - public function __construct( $IdOrRow=NULL ) { - global $group_cache; - - $row = NULL; - if ( $IdOrRow ) { - if ( is_integer($IdOrRow) or is_numeric($IdOrRow) ) { - $row = dbFetchOne('SELECT * FROM Groups WHERE Id=?', NULL, array($IdOrRow)); - if ( ! $row ) { - Error('Unable to load Group record for Id=' . $IdOrRow); - } - } elseif ( is_array($IdOrRow) ) { - $row = $IdOrRow; - } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Error("Unknown argument passed to Group Constructor from $file:$line)"); - Error("Unknown argument passed to Group Constructor ($IdOrRow)"); - return; - } - } # end if isset($IdOrRow) - - if ( $row ) { - foreach ($row as $k => $v) { - $this->{$k} = $v; - } - $group_cache[$row['Id']] = $this; - } - } // end function __construct - - public function __call($fn, array $args) { - if ( count($args) ) { - $this->{$fn} = $args[0]; - } - if ( array_key_exists($fn, $this) ) { - return $this->{$fn}; - } else if ( array_key_exists( $fn, $this->defaults ) ) { - $this->{$fn} = $this->defaults{$fn}; - return $this->{$fn}; - } else { - - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Warning( "Unknown function call Group->$fn from $file:$line" ); - } + public static function find( $parameters = array(), $options = array() ) { + return ZM_Object::_find(get_class(), $parameters, $options); } - public static function find( $parameters = null, $options = null ) { - $sql = 'SELECT * FROM Groups '; - $values = array(); - - if ( $parameters ) { - $fields = array(); - $sql .= 'WHERE '; - foreach ( $parameters as $field => $value ) { - if ( $value == null ) { - $fields[] = $field.' IS NULL'; - } else if ( is_array( $value ) ) { - $func = function(){return '?';}; - $fields[] = $field.' IN ('.implode(',', array_map($func, $value)). ')'; - $values += $value; - } else { - $fields[] = $field.'=?'; - $values[] = $value; - } - } - $sql .= implode(' AND ', $fields); - } # end if parameters - if ( $options ) { - if ( isset($options['order']) ) { - $sql .= ' ORDER BY ' . $options['order']; - } - if ( isset($options['limit']) ) { - if ( is_integer($options['limit']) or ctype_digit($options['limit']) ) { - $sql .= ' LIMIT ' . $options['limit']; - } else { - $backTrace = debug_backtrace(); - $file = $backTrace[1]['file']; - $line = $backTrace[1]['line']; - Error("Invalid value for limit(".$options['limit'].") passed to Group::find from $file:$line"); - return array(); - } - } - } # end if options - - $results = dbFetchAll($sql, NULL, $values); - if ( $results ) { - return array_map( function($row){ return new Group($row); }, $results ); - } - return array(); - } # end find() - - public static function find_one($parameters = null, $options = null) { - global $group_cache; - if ( - ( count($parameters) == 1 ) and - isset($parameters['Id']) and - isset($group_cache[$parameters['Id']]) ) { - return $group_cache[$parameters['Id']]; - } - $results = Group::find($parameters, $options); - if ( count($results) > 1 ) { - Error("Group::find_one Returned more than 1"); - return $results[0]; - } else if ( count($results) ) { - return $results[0]; - } else { - return null; - } - } # end function find_one + public static function find_one( $parameters = array(), $options = array() ) { + return ZM_Object::_find_one(get_class(), $parameters, $options); + } public function delete() { if ( array_key_exists('Id', $this) ) { @@ -137,23 +31,6 @@ class Group { } } # end function delete() - public function set( $data ) { - foreach ($data as $k => $v) { - if ( is_array($v) ) { - $this->{$k} = $v; - } else if ( is_string($v) ) { - $this->{$k} = trim( $v ); - } else if ( is_integer($v) ) { - $this->{$k} = $v; - } else if ( is_bool($v) ) { - $this->{$k} = $v; - } else { - Error("Unknown type $k => $v of var " . gettype($v)); - $this->{$k} = $v; - } - } - } # end function set - public function depth( $new = null ) { if ( isset($new) ) { $this->{'depth'} = $new; From 2e9d72ed63c813aab8fff6cdb6b456891e3f531c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 14:11:24 -0400 Subject: [PATCH 347/360] spacing and extra () --- scripts/zmtrigger.pl.in | 120 +++++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 58 deletions(-) diff --git a/scripts/zmtrigger.pl.in b/scripts/zmtrigger.pl.in index 8e1257db9..28ea6cde5 100644 --- a/scripts/zmtrigger.pl.in +++ b/scripts/zmtrigger.pl.in @@ -88,13 +88,13 @@ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; logInit(); logSetSignal(); -Info( "Trigger daemon starting" ); +Info('Trigger daemon starting'); my $dbh = zmDbConnect(); my $base_rin = ''; foreach my $connection ( @connections ) { - Info( "Opening connection '$connection->{name}'" ); + Info("Opening connection '$connection->{name}'"); $connection->open(); } @@ -118,32 +118,32 @@ my $win = $rin; my $ein = $win; my $timeout = SELECT_TIMEOUT; my %actions; -while( 1 ) { +while (1) { $rin = $base_rin; # Add the file descriptors of any spawned connections - foreach my $fileno ( keys(%spawned_connections) ) { - vec( $rin, $fileno, 1 ) = 1; + foreach my $fileno ( keys %spawned_connections ) { + vec($rin, $fileno, 1) = 1; } - my $nfound = select( my $rout = $rin, undef, my $eout = $ein, $timeout ); + my $nfound = select(my $rout = $rin, undef, my $eout = $ein, $timeout); if ( $nfound > 0 ) { - Debug( "Got input from $nfound connections" ); + Debug("Got input from $nfound connections"); foreach my $connection ( @in_select_connections ) { - if ( vec( $rout, $connection->fileno(), 1 ) ) { - Debug( 'Got input from connection ' + if ( vec($rout, $connection->fileno(), 1) ) { + Debug('Got input from connection ' .$connection->name() .' (' .$connection->fileno() - .")" + .')' ); if ( $connection->spawns() ) { my $new_connection = $connection->accept(); $spawned_connections{$new_connection->fileno()} = $new_connection; - Debug( 'Added new spawned connection (' + Debug('Added new spawned connection (' .$new_connection->fileno() .'), ' .int(keys(%spawned_connections)) - ." spawned connections" + .' spawned connections' ); } else { my $messages = $connection->getMessages(); @@ -152,30 +152,30 @@ while( 1 ) { handleMessage( $connection, $message ); } } - } - } + } # end if connection->spawns + } # end if vec } # end foreach connection foreach my $connection ( values(%spawned_connections) ) { - if ( vec( $rout, $connection->fileno(), 1 ) ) { - Debug( 'Got input from spawned connection ' + if ( vec($rout, $connection->fileno(), 1) ) { + Debug('Got input from spawned connection ' .$connection->name() .' (' .$connection->fileno() - .")" + .')' ); my $messages = $connection->getMessages(); if ( defined($messages) ) { foreach my $message ( @$messages ) { - handleMessage( $connection, $message ); + handleMessage($connection, $message); } } else { - delete( $spawned_connections{$connection->fileno()} ); - Debug( 'Removed spawned connection (' + delete $spawned_connections{$connection->fileno()}; + Debug('Removed spawned connection (' .$connection->fileno() .'), ' .int(keys(%spawned_connections)) - ." spawned connections" + .' spawned connections' ); $connection->close(); } @@ -185,7 +185,7 @@ while( 1 ) { if ( $! == EINTR ) { # Do nothing } else { - Fatal( "Can't select: $!" ); + Fatal("Can't select: $!"); } } # end if select returned activitiy @@ -194,14 +194,14 @@ while( 1 ) { my $messages = $connection->getMessages(); if ( defined($messages) ) { foreach my $message ( @$messages ) { - handleMessage( $connection, $message ); + handleMessage($connection, $message); } } } # Check for alarms that might have happened my @out_messages; - foreach my $monitor ( values(%monitors) ) { + foreach my $monitor ( values %monitors ) { if ( ! zmMemVerify($monitor) ) { # Our attempt to verify the memory handle failed. We should reload the monitors. @@ -225,7 +225,7 @@ while( 1 ) { || ($last_event != $monitor->{LastEvent}) ) { # A new event - push( @out_messages, $monitor->{Id}."|on|".time()."|".$last_event ); + push @out_messages, $monitor->{Id}.'|on|'.time().'|'.$last_event; } else { # The same one as last time, so ignore it # Do nothing @@ -236,42 +236,44 @@ while( 1 ) { ($state == STATE_TAPE && $monitor->{LastState} != STATE_TAPE) ) { # Out of alarm state - push( @out_messages, $monitor->{Id}.'|off|'.time().'|'.$last_event ); + push @out_messages, $monitor->{Id}.'|off|'.time().'|'.$last_event; } elsif ( defined($monitor->{LastEvent}) && ($last_event != $monitor->{LastEvent}) ) { # We've missed a whole event - push( @out_messages, $monitor->{Id}.'|on|'.time().'|'.$last_event ); - push( @out_messages, $monitor->{Id}.'|off|'.time().'|'.$last_event ); + push @out_messages, $monitor->{Id}.'|on|'.time().'|'.$last_event; + push @out_messages, $monitor->{Id}.'|off|'.time().'|'.$last_event; } $monitor->{LastState} = $state; $monitor->{LastEvent} = $last_event; } # end foreach monitor + foreach my $connection ( @out_connections ) { if ( $connection->canWrite() ) { - $connection->putMessages( \@out_messages ); + $connection->putMessages(\@out_messages); } } - foreach my $connection ( values(%spawned_connections) ) { + + foreach my $connection ( values %spawned_connections ) { if ( $connection->canWrite() ) { - $connection->putMessages( \@out_messages ); + $connection->putMessages(\@out_messages); } } if ( my @action_times = keys(%actions) ) { - Debug( "Checking for timed actions" ); + Debug('Checking for timed actions'); my $now = time(); foreach my $action_time ( sort( grep { $_ < $now } @action_times ) ) { - Info( "Found actions expiring at $action_time" ); + Info("Found actions expiring at $action_time"); foreach my $action ( @{$actions{$action_time}} ) { my $connection = $action->{connection}; my $message = $action->{message}; - Info( "Found action '$message'" ); - handleMessage( $connection, $message ); + Info("Found action '$message'"); + handleMessage($connection, $message); } - delete( $actions{$action_time} ); + delete $actions{$action_time}; } } # end if have timed actions @@ -280,15 +282,16 @@ while( 1 ) { my $messages = $connection->timedActions(); if ( defined($messages) ) { foreach my $message ( @$messages ) { - handleMessage( $connection, $message ); + handleMessage($connection, $message); } } } - foreach my $connection ( values(%spawned_connections) ) { + + foreach my $connection ( values %spawned_connections ) { my $messages = $connection->timedActions(); if ( defined($messages) ) { foreach my $message ( @$messages ) { - handleMessage( $connection, $message ); + handleMessage($connection, $message); } } } @@ -317,14 +320,14 @@ exit; sub loadMonitor { my $monitor = shift; - Debug( "Loading monitor $monitor" ); - zmMemInvalidate( $monitor ); + Debug("Loading monitor $monitor"); + zmMemInvalidate($monitor); - if ( zmMemVerify( $monitor ) ) { # This will re-init shared memory - $monitor->{LastState} = zmGetMonitorState( $monitor ); - $monitor->{LastEvent} = zmGetLastEvent( $monitor ); + if ( zmMemVerify($monitor) ) { # This will re-init shared memory + $monitor->{LastState} = zmGetMonitorState($monitor); + $monitor->{LastEvent} = zmGetLastEvent($monitor); } -} +} # end sub loadMonitor sub loadMonitors { Debug('Loading monitors'); @@ -332,18 +335,19 @@ sub loadMonitors { my %new_monitors = (); - my $sql = "SELECT * FROM Monitors - WHERE find_in_set( Function, 'Modect,Mocord,Nodect' )". - ( $Config{ZM_SERVER_ID} ? 'AND ServerId=?' : '' ) + my $sql = q`SELECT * FROM Monitors + WHERE find_in_set( Function, 'Modect,Mocord,Nodect' )`. + ( $Config{ZM_SERVER_ID} ? ' AND ServerId=?' : '' ) ; my $sth = $dbh->prepare_cached( $sql ) or Fatal( "Can't prepare '$sql': ".$dbh->errstr() ); my $res = $sth->execute( $Config{ZM_SERVER_ID} ? $Config{ZM_SERVER_ID} : () ) or Fatal( "Can't execute: ".$sth->errstr() ); - while( my $monitor = $sth->fetchrow_hashref() ) { - if ( zmMemVerify( $monitor ) ) { # This will re-init shared memory - $monitor->{LastState} = zmGetMonitorState( $monitor ); - $monitor->{LastEvent} = zmGetLastEvent( $monitor ); + + while ( my $monitor = $sth->fetchrow_hashref() ) { + if ( zmMemVerify($monitor) ) { # This will re-init shared memory + $monitor->{LastState} = zmGetMonitorState($monitor); + $monitor->{LastEvent} = zmGetLastEvent($monitor); } $new_monitors{$monitor->{Id}} = $monitor; } # end while fetchrow @@ -367,7 +371,7 @@ sub handleMessage { } Debug("Found monitor for id '$id'"); - next if ( !zmMemVerify($monitor) ); + next if !zmMemVerify($monitor); Debug("Handling action '$action'"); if ( $action =~ /^(enable|disable)(?:\+(\d+))?$/ ) { @@ -412,20 +416,20 @@ sub handleMessage { zmTriggerShowtext($monitor, $showtext) if defined($showtext); Info("Trigger '$trigger'"); # Wait til it's finished - while( zmInAlarm($monitor) + while ( zmInAlarm($monitor) && ($last_event == zmGetLastEvent($monitor)) ) { # Tenth of a second usleep(100000); } zmTriggerEventCancel($monitor); - } + } # end if delay or not } # end if trigger is on or off - } elsif( $action eq 'cancel' ) { + } elsif ( $action eq 'cancel' ) { zmTriggerEventCancel($monitor); zmTriggerShowtext($monitor, $showtext) if defined($showtext); Info('Cancelled event'); - } elsif( $action eq 'show' ) { + } elsif ( $action eq 'show' ) { zmTriggerShowtext( $monitor, $showtext ); Info("Updated show text to '$showtext'"); } else { @@ -443,7 +447,7 @@ sub handleDelay { if ( !$action_array ) { $action_array = $actions{$action_time} = []; } - push( @$action_array, { connection=>$connection, message=>$action_text } ); + push @$action_array, { connection=>$connection, message=>$action_text }; Debug("Added timed event '$action_text', expires at $action_time (+$delay secs)"); } From 3368f94c1a96b871e060c45c9656a2ec841a2d76 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 14:38:27 -0400 Subject: [PATCH 348/360] Add code to handleDelay to cancel identical delayed actions. Fixes #2619 (#2681) --- scripts/zmtrigger.pl.in | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/scripts/zmtrigger.pl.in b/scripts/zmtrigger.pl.in index 28ea6cde5..eda7b2e36 100644 --- a/scripts/zmtrigger.pl.in +++ b/scripts/zmtrigger.pl.in @@ -266,12 +266,11 @@ while (1) { Debug('Checking for timed actions'); my $now = time(); foreach my $action_time ( sort( grep { $_ < $now } @action_times ) ) { - Info("Found actions expiring at $action_time"); + Info("Found " . scalar @{$actions{$action_time}} . "actions expiring at $action_time"); foreach my $action ( @{$actions{$action_time}} ) { my $connection = $action->{connection}; - my $message = $action->{message}; - Info("Found action '$message'"); - handleMessage($connection, $message); + Info("Found action '$$action{message}'"); + handleMessage($connection, $$action{message}); } delete $actions{$action_time}; } @@ -443,6 +442,21 @@ sub handleDelay { my $action_text = shift; my $action_time = time()+$delay; + + # Need to check and cancel previous actions. See issue #2619 + foreach my $a_time ( keys %actions ) { + if ( $a_time <= $action_time ) { + for ( my $i = 0; $i < @{$actions{$a_time}}; $i ++ ) { + my $action = $actions{$a_time}[$i]; + if ( $$action{message} eq $action_text ) { + Info("Found duplicate action '$$action{message}' at $a_time, cancelling it"); + splice @{$actions{$a_time}}, $i, 1; + } + } # end foreach action + delete $actions{$a_time} if !@{$actions{$a_time}}; + } # end if + } # end foreach action_time + my $action_array = $actions{$action_time}; if ( !$action_array ) { $action_array = $actions{$action_time} = []; From 38a09bbd187791fb587da95b5f097efae78c4811 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Aug 2019 15:34:07 -0400 Subject: [PATCH 349/360] Don't auto-add default storage area to header. If someone wants to see it's space in the header they can add it to storage areas --- web/skins/classic/includes/functions.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index 48632d59f..67866e247 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -286,7 +286,7 @@ function getNavBarHTML($reload = null) { ZM\Error('Potentially invalid value for ZM_LOG_DATABASE_LIMIT: ' . ZM_LOG_DATABASE_LIMIT); } } - echo makePopupLink( '?view=log', 'zmLog', 'log', ''.translate('Log').'' ); + echo makePopupLink('?view=log', 'zmLog', 'log', ''.translate('Log').''); } ?> Path()] = $area; } - if ( ! isset($storage_paths[ZM_DIR_EVENTS]) ) { - array_push( $storage_areas, new ZM\Storage() ); - } $func = function($S){ $class = ''; if ( $S->disk_usage_percent() > 98 ) { From 0cdb43e16511dbba0c948250d18123c9162dbb78 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sat, 10 Aug 2019 14:45:45 -0400 Subject: [PATCH 350/360] make dump_video_frame a define instead of a function, fix linesize --- src/zm_ffmpeg.cpp | 12 ------------ src/zm_ffmpeg.h | 10 +++++++++- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/src/zm_ffmpeg.cpp b/src/zm_ffmpeg.cpp index 1df9b7718..58d4db980 100644 --- a/src/zm_ffmpeg.cpp +++ b/src/zm_ffmpeg.cpp @@ -287,18 +287,6 @@ static void zm_log_fps(double d, const char *postfix) { } } -void zm_dump_video_frame(const AVFrame *frame, const char *text) { - Debug(1, "%s: format %d %s %dx%d linesize:%d pts: %" PRId64, - text, - frame->format, - av_get_pix_fmt_name((AVPixelFormat)frame->format), - frame->width, - frame->height, - frame->linesize, - frame->pts - ); -} - #if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0) void zm_dump_codecpar ( const AVCodecParameters *par ) { Debug(1, "Dumping codecpar codec_type(%d) codec_id(%d) codec_tag(%d) width(%d) height(%d) bit_rate(%d) format(%d = %s)", diff --git a/src/zm_ffmpeg.h b/src/zm_ffmpeg.h index 7618a461b..745754043 100644 --- a/src/zm_ffmpeg.h +++ b/src/zm_ffmpeg.h @@ -329,7 +329,15 @@ void zm_dump_codecpar(const AVCodecParameters *par); #endif -void zm_dump_video_frame(const AVFrame *frame, const char *text="Frame"); +#define zm_dump_video_frame(frame,text) Debug(1, "%s: format %d %s %dx%d linesize:%dx%d pts: %" PRId64, \ + text, \ + frame->format, \ + av_get_pix_fmt_name((AVPixelFormat)frame->format), \ + frame->width, \ + frame->height, \ + frame->linesize[0], frame->linesize[1], \ + frame->pts \ + ); #if LIBAVCODEC_VERSION_CHECK(56, 8, 0, 60, 100) #define zm_av_packet_unref( packet ) av_packet_unref( packet ) From 5b62c91cc25490d9aa992f86be3b4408b104b19d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sat, 10 Aug 2019 14:46:05 -0400 Subject: [PATCH 351/360] Improve some debugging to try to diagnose recent segfault report --- src/zm_ffmpeg_camera.cpp | 3 ++- src/zm_image.cpp | 9 ++++----- src/zm_image.h | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index 0acdb6c1c..bfda21dad 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -953,7 +953,8 @@ int FfmpegCamera::CaptureAndRecord( continue; } if ( error_count > 0 ) error_count--; - zm_dump_video_frame(mRawFrame); + Debug(3, "Decoded video packet at frame %d", frameCount); + zm_dump_video_frame(mRawFrame, "raw frame from decoder"); #if HAVE_LIBAVUTIL_HWCONTEXT_H #if LIBAVCODEC_VERSION_CHECK(57, 89, 0, 89, 0) if ( diff --git a/src/zm_image.cpp b/src/zm_image.cpp index 12c3da86e..5640af46b 100644 --- a/src/zm_image.cpp +++ b/src/zm_image.cpp @@ -497,8 +497,8 @@ uint8_t* Image::WriteBuffer(const unsigned int p_width, const unsigned int p_hei return NULL; } - if ( !p_height || !p_width ) { - Error("WriteBuffer called with invalid width or height: %d %d",p_width,p_height); + if ( ! ( p_height > 0 && p_width > 0 ) ) { + Error("WriteBuffer called with invalid width or height: %d %d", p_width, p_height); return NULL; } @@ -525,11 +525,10 @@ uint8_t* Image::WriteBuffer(const unsigned int p_width, const unsigned int p_hei colours = p_colours; subpixelorder = p_subpixelorder; pixels = height*width; - size = newsize; - } + size = newsize; + } // end if need to re-alloc buffer return buffer; - } /* Assign an existing buffer to the image instead of copying from a source buffer. The goal is to reduce the amount of memory copying and increase efficiency and buffer reusing. */ diff --git a/src/zm_image.h b/src/zm_image.h index d90d7c358..6b2448c67 100644 --- a/src/zm_image.h +++ b/src/zm_image.h @@ -56,9 +56,9 @@ extern imgbufcpy_fptr_t fptr_imgbufcpy; /* Should be called from Image class functions */ inline static uint8_t* AllocBuffer(size_t p_bufsize) { - uint8_t* buffer = (uint8_t*)zm_mallocaligned(64,p_bufsize); + uint8_t* buffer = (uint8_t*)zm_mallocaligned(64, p_bufsize); if ( buffer == NULL ) - Fatal("Memory allocation failed: %s",strerror(errno)); + Fatal("Memory allocation failed: %s", strerror(errno)); return buffer; } @@ -75,7 +75,7 @@ inline static void DumpBuffer(uint8_t* buffer, int buffertype) { av_free(buffer); */ } else { - Error( "Unknown buffer type in DumpBuffer(%d)", buffertype ); + Error("Unknown buffer type in DumpBuffer(%d)", buffertype); } } } From d75d64280dc130ea6a5bd9c5877f28420531bddd Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sun, 11 Aug 2019 15:03:15 -0500 Subject: [PATCH 352/360] Update zoneminder.spec --- distros/redhat/zoneminder.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index d064c3b94..e319f4c8f 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -23,7 +23,7 @@ %global _hardened_build 1 Name: zoneminder -Version: 1.33.12 +Version: 1.33.14 Release: 1%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons @@ -411,6 +411,9 @@ EOF %dir %attr(755,nginx,nginx) %{_localstatedir}/spool/zoneminder-upload %changelog +* Sun Aug 11 2019 Andrew Bauer - 1.33.14-1 +- Bump to 1.33.13 Development + * Sun Jul 07 2019 Andrew Bauer - 1.33.12-1 - Bump to 1.33.12 Development From c1984ad7cb630381611ffc2063eef15d95230755 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sun, 11 Aug 2019 20:21:37 -0400 Subject: [PATCH 353/360] Fix problem calculating mem_size using an int from ImageSize. With camera resolutions going up, width*height*colour could exceed 32bits. So use a guarnteed 53bit type, which fixes the memsize calculations. Fixes #2682 --- src/zm_camera.h | 4 ++-- src/zm_ffmpeg_camera.cpp | 16 ++++++++++++++-- src/zm_monitor.cpp | 10 +++++++--- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/src/zm_camera.h b/src/zm_camera.h index cd7a024f4..a6f576af2 100644 --- a/src/zm_camera.h +++ b/src/zm_camera.h @@ -45,7 +45,7 @@ protected: unsigned int colours; unsigned int subpixelorder; unsigned int pixels; - unsigned int imagesize; + unsigned long long imagesize; int brightness; int hue; int colour; @@ -73,7 +73,7 @@ public: unsigned int Colours() const { return colours; } unsigned int SubpixelOrder() const { return subpixelorder; } unsigned int Pixels() const { return pixels; } - unsigned int ImageSize() const { return imagesize; } + unsigned long long ImageSize() const { return imagesize; } unsigned int Bytes() const { return bytes; }; virtual int Brightness( int/*p_brightness*/=-1 ) { return -1; } diff --git a/src/zm_ffmpeg_camera.cpp b/src/zm_ffmpeg_camera.cpp index bfda21dad..d9736d6a3 100644 --- a/src/zm_ffmpeg_camera.cpp +++ b/src/zm_ffmpeg_camera.cpp @@ -986,6 +986,7 @@ int FfmpegCamera::CaptureAndRecord( Debug(4, "Got frame %d", frameCount); if ( transfer_to_image(image, mFrame, input_frame) < 0 ) { + Error("Failed to transfer from frame to image"); zm_av_packet_unref(&packet); return -1; } @@ -1052,8 +1053,13 @@ int FfmpegCamera::transfer_to_image( return -1; } #if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0) - av_image_fill_arrays(output_frame->data, output_frame->linesize, - directbuffer, imagePixFormat, width, height, 1); + int size = av_image_fill_arrays( + output_frame->data, output_frame->linesize, + directbuffer, imagePixFormat, width, height, 32); + if ( size < 0 ) { + Error("Problem setting up data pointers into image %s", + av_make_error_string(size).c_str()); + } #else avpicture_fill((AVPicture *)output_frame, directbuffer, imagePixFormat, width, height); @@ -1075,6 +1081,12 @@ int FfmpegCamera::transfer_to_image( ); return -1; } + Debug(1, "Setup conversion context for %dx%d %s to %dx%d %s", + input_frame->width, input_frame->height, + av_get_pix_fmt_name((AVPixelFormat)input_frame->format), + width, height, + av_get_pix_fmt_name(imagePixFormat) + ); } if ( sws_scale( diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 787ff5e34..617426d1f 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -422,8 +422,12 @@ Monitor::Monitor( + (image_buffer_count*camera->ImageSize()) + 64; /* Padding used to permit aligning the images buffer to 64 byte boundary */ - Debug(1, "mem.size SharedData=%d TriggerData=%d VideoStoreData=%d total=%" PRId64, - sizeof(SharedData), sizeof(TriggerData), sizeof(VideoStoreData), mem_size); + Debug(1, "mem.size(%d) SharedData=%d TriggerData=%d VideoStoreData=%d timestamps=%d images=%dx%d = %" PRId64 " total=%" PRId64, + sizeof(mem_size), + sizeof(SharedData), sizeof(TriggerData), sizeof(VideoStoreData), + (image_buffer_count*sizeof(struct timeval)), + image_buffer_count, camera->ImageSize(), (image_buffer_count*camera->ImageSize()), + mem_size); mem_ptr = NULL; storage = new Storage(storage_id); @@ -599,7 +603,7 @@ bool Monitor::connect() { if ( shm_id < 0 ) { Fatal("Can't shmget, probably not enough shared memory space free: %s", strerror(errno)); } - mem_ptr = (unsigned char *)shmat( shm_id, 0, 0 ); + mem_ptr = (unsigned char *)shmat(shm_id, 0, 0); if ( mem_ptr < (void *)0 ) { Fatal("Can't shmat: %s", strerror(errno)); } From 4140d51e9f24aba2dd4ec29b96c54efb49a565a7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 13 Aug 2019 11:45:50 -0400 Subject: [PATCH 354/360] database.php cleanup. remove dbFetchMonitor and dbFetchGroup. Their usage has been replaced with the Object::find_one usage. Also more quoting of table and colume names to fix #2659 --- web/includes/database.php | 179 +++++++++++++-------------- web/skins/classic/views/function.php | 12 +- web/skins/classic/views/plugin.php | 29 ++--- web/skins/classic/views/settings.php | 36 +++--- 4 files changed, 121 insertions(+), 135 deletions(-) diff --git a/web/includes/database.php b/web/includes/database.php index f214af58b..d941a01e0 100644 --- a/web/includes/database.php +++ b/web/includes/database.php @@ -2,25 +2,25 @@ // // ZoneMinder web database interface file, $Date$, $Revision$ // Copyright (C) 2001-2008 Philip Coombes -// +// // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. -// +// // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -// +// // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// +// -define( 'DB_LOG_OFF', 0 ); -define( 'DB_LOG_ONLY', 1 ); -define( 'DB_LOG_DEBUG', 2 ); +define('DB_LOG_OFF', 0); +define('DB_LOG_ONLY', 1); +define('DB_LOG_DEBUG', 2); $GLOBALS['dbLogLevel'] = DB_LOG_OFF; @@ -29,10 +29,10 @@ $GLOBALS['dbConn'] = false; function dbConnect() { global $dbConn; - if (strpos(ZM_DB_HOST, ':')) { + if ( strpos(ZM_DB_HOST, ':') ) { // Host variable may carry a port or socket. list($host, $portOrSocket) = explode(':', ZM_DB_HOST, 2); - if (ctype_digit($portOrSocket)) { + if ( ctype_digit($portOrSocket) ) { $socket = ':host='.$host . ';port='.$portOrSocket; } else { $socket = ':unix_socket='.$portOrSocket; @@ -43,22 +43,22 @@ function dbConnect() { try { $dbOptions = null; - if ( defined( 'ZM_DB_SSL_CA_CERT' ) and ZM_DB_SSL_CA_CERT ) { + if ( defined('ZM_DB_SSL_CA_CERT') and ZM_DB_SSL_CA_CERT ) { $dbOptions = array( PDO::MYSQL_ATTR_SSL_CA => ZM_DB_SSL_CA_CERT, PDO::MYSQL_ATTR_SSL_KEY => ZM_DB_SSL_CLIENT_KEY, PDO::MYSQL_ATTR_SSL_CERT => ZM_DB_SSL_CLIENT_CERT, ); - $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions ); + $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions); } else { - $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ); + $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS); } $dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $ex ) { echo 'Unable to connect to ZM db.' . $ex->getMessage(); - error_log('Unable to connect to ZM DB ' . $ex->getMessage() ); + error_log('Unable to connect to ZM DB ' . $ex->getMessage()); $dbConn = null; } } @@ -89,15 +89,15 @@ function dbDebug() { dbLogDebug(); } -function dbLog( $sql, $update=false ) { +function dbLog($sql, $update=false) { global $dbLogLevel; $noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG); if ( $dbLogLevel > DB_LOG_OFF ) - ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") ); + ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?' (not executed)':'') ); return( $noExecute ); } -function dbError( $sql ) { +function dbError($sql) { global $dbConn; $error = $dbConn->errorInfo(); if ( ! $error[0] ) @@ -110,37 +110,37 @@ function dbError( $sql ) { function dbEscape( $string ) { global $dbConn; - if ( version_compare( phpversion(), '4.3.0', '<') ) + if ( version_compare(phpversion(), '4.3.0', '<')) if ( get_magic_quotes_gpc() ) - return( $dbConn->quote( stripslashes( $string ) ) ); + return $dbConn->quote(stripslashes($string)); else - return( $dbConn->quote( $string ) ); + return $dbConn->quote($string); else if ( get_magic_quotes_gpc() ) - return( $dbConn->quote( stripslashes( $string ) ) ); + return $dbConn->quote(stripslashes($string)); else - return( $dbConn->quote( $string ) ); + return $dbConn->quote($string); } -function dbQuery( $sql, $params=NULL ) { +function dbQuery($sql, $params=NULL) { global $dbConn; - if ( dbLog( $sql, true ) ) + if ( dbLog($sql, true) ) return; $result = NULL; try { if ( isset($params) ) { - if ( ! $result = $dbConn->prepare( $sql ) ) { + if ( ! $result = $dbConn->prepare($sql) ) { ZM\Error("SQL: Error preparing $sql: " . $pdo->errorInfo); return NULL; } - if ( ! $result->execute( $params ) ) { - ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo() ) ); + if ( ! $result->execute($params) ) { + ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo())); return NULL; } } else { if ( defined('ZM_DB_DEBUG') ) { - ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):'') ); + ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):'')); } $result = $dbConn->query($sql); if ( ! $result ) { @@ -150,24 +150,24 @@ function dbQuery( $sql, $params=NULL ) { } if ( defined('ZM_DB_DEBUG') ) { if ( $params ) - ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount() ); + ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount()); else - ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount() ); + ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount()); } } catch(PDOException $e) { - ZM\Error( "SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):'') ); + ZM\Error("SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):'')); return NULL; } return $result; } -function dbFetchOne( $sql, $col=false, $params=NULL ) { - $result = dbQuery( $sql, $params ); - if ( ! $result ) { - ZM\Error( "SQL-ERR dbFetchOne no result, statement was '".$sql."'" . ( $params ? 'params: ' . join(',',$params) : '' ) ); +function dbFetchOne($sql, $col=false, $params=NULL) { + $result = dbQuery($sql, $params); + if ( !$result ) { + ZM\Error("SQL-ERR dbFetchOne no result, statement was '".$sql."'".($params ? 'params: ' . join(',',$params) : '')); return false; } - if ( ! $result->rowCount() ) { + if ( !$result->rowCount() ) { # No rows is not an error return false; } @@ -179,109 +179,109 @@ function dbFetchOne( $sql, $col=false, $params=NULL ) { return false; } return $dbRow[$col]; - } + } return $dbRow; } return false; } -function dbFetchAll( $sql, $col=false, $params=NULL ) { - $result = dbQuery( $sql, $params ); +function dbFetchAll($sql, $col=false, $params=NULL) { + $result = dbQuery($sql, $params); if ( ! $result ) { - ZM\Error( "SQL-ERR dbFetchAll no result, statement was '".$sql."'" . ( $params ? 'params: ' .join(',', $params) : '' ) ); + ZM\Error("SQL-ERR dbFetchAll no result, statement was '".$sql."'".($params ? 'params: '.join(',', $params) : '')); return false; } $dbRows = array(); - while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - $dbRows[] = $col?$dbRow[$col]:$dbRow; + while ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + $dbRows[] = $col ? $dbRow[$col] : $dbRow; return $dbRows; } -function dbFetchAssoc( $sql, $indexCol, $dataCol=false ) { - $result = dbQuery( $sql ); +function dbFetchAssoc($sql, $indexCol, $dataCol=false) { + $result = dbQuery($sql); $dbRows = array(); - while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - $dbRows[$dbRow[$indexCol]] = $dataCol?$dbRow[$dataCol]:$dbRow; - return( $dbRows ); + while( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + $dbRows[$dbRow[$indexCol]] = $dataCol ? $dbRow[$dataCol] : $dbRow; + return $dbRows; } -function dbFetch( $sql, $col=false ) { - return( dbFetchAll( $sql, $col ) ); +function dbFetch($sql, $col=false) { + return dbFetchAll($sql, $col); } -function dbFetchNext( $result, $col=false ) { - if ( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - return( $col?$dbRow[$col]:$dbRow ); - return( false ); +function dbFetchNext($result, $col=false) { + if ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + return $col ? $dbRow[$col] : $dbRow; + return false; } function dbNumRows( $sql ) { - $result = dbQuery( $sql ); - return( $result->rowCount() ); + $result = dbQuery($sql); + return $result->rowCount(); } function dbInsertId() { global $dbConn; - return( $dbConn->lastInsertId() ); + return $dbConn->lastInsertId(); } -function getEnumValues( $table, $column ) { - $row = dbFetchOne( "describe $table $column" ); - preg_match_all( "/'([^']+)'/", $row['Type'], $matches ); - return( $matches[1] ); +function getEnumValues($table, $column) { + $row = dbFetchOne("DESCRIBE `$table` `$column`"); + preg_match_all("/'([^']+)'/", $row['Type'], $matches); + return $matches[1]; } -function getSetValues( $table, $column ) { - return( getEnumValues( $table, $column ) ); +function getSetValues($table, $column) { + return getEnumValues($table, $column); } -function getUniqueValues( $table, $column, $asString=1 ) { +function getUniqueValues($table, $column, $asString=1) { $values = array(); - $sql = "select distinct $column from $table where (not isnull($column) and $column != '') order by $column"; - foreach( dbFetchAll( $sql ) as $row ) { + $sql = "SELECT DISTINCT `$column` FROM `$table` WHERE (NOT isnull(`$column`) AND `$column` != '') ORDER BY `$column`"; + foreach ( dbFetchAll($sql) as $row ) { if ( $asString ) $values[$row[$column]] = $row[$column]; else $values[] = $row[$column]; } - return( $values ); -} + return $values; +} function getTableColumns( $table, $asString=1 ) { $columns = array(); - $sql = "describe $table"; - foreach( dbFetchAll( $sql ) as $row ) { + $sql = "DESCRIBE `$table`"; + foreach ( dbFetchAll($sql) as $row ) { if ( $asString ) $columns[$row['Field']] = $row['Type']; else $columns[] = $row['Type']; } - return( $columns ); -} + return $columns; +} function getTableAutoInc( $table ) { - $row = dbFetchOne( 'show table status where Name=?', NULL, array($table) ); - return( $row['Auto_increment'] ); + $row = dbFetchOne('SHOW TABLE status WHERE Name=?', NULL, array($table)); + return $row['Auto_increment']; } function getTableDescription( $table, $asString=1 ) { $columns = array(); - foreach( dbFetchAll( "describe $table" ) as $row ) { + foreach( dbFetchAll("DESCRIBE `$table`") as $row ) { $desc = array( 'name' => $row['Field'], 'required' => ($row['Null']=='NO')?true:false, 'default' => $row['Default'], 'db' => $row, ); - if ( preg_match( "/^varchar\((\d+)\)$/", $row['Type'], $matches ) ) { + if ( preg_match('/^varchar\((\d+)\)$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; $desc['typeAttrib'] = 'varchar'; $desc['maxLength'] = $matches[1]; - } elseif ( preg_match( "/^(\w+)?text$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(\w+)?text$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; - if (!empty($matches[1]) ) + if ( !empty($matches[1]) ) $desc['typeAttrib'] = $matches[1]; switch ( $matches[1] ) { case 'tiny' : @@ -295,15 +295,15 @@ function getTableDescription( $table, $asString=1 ) { //$desc['minLength'] = -128; break; default : - ZM\Error( "Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'"); break; } - } elseif ( preg_match( "/^(enum|set)\((.*)\)$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(enum|set)\((.*)\)$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; $desc['typeAttrib'] = $matches[1]; - preg_match_all( "/'([^']+)'/", $matches[2], $matches ); + preg_match_all("/'([^']+)'/", $matches[2], $matches); $desc['values'] = $matches[1]; - } elseif ( preg_match( "/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) { $desc['type'] = 'integer'; switch ( $matches[1] ) { case 'tiny' : @@ -327,7 +327,7 @@ function getTableDescription( $table, $asString=1 ) { //$desc['maxValue'] = 127; break; default : - ZM\Error( "Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'"); break; } if ( !empty($matches[1]) ) @@ -336,7 +336,7 @@ function getTableDescription( $table, $asString=1 ) { $desc['maxValue'] += (-$desc['minValue']); $desc['minValue'] = 0; } - } elseif ( preg_match( "/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) { $desc['type'] = 'fixed'; $desc['range'] = $matches[1]; if ( isset($matches[2]) ) @@ -344,7 +344,7 @@ function getTableDescription( $table, $asString=1 ) { else $desc['precision'] = 0; $desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' ); - } elseif ( preg_match( "/^(datetime|timestamp|date|time)$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(datetime|timestamp|date|time)$/', $row['Type'], $matches) ) { $desc['type'] = 'datetime'; switch ( $desc['typeAttrib'] = $matches[1] ) { case 'datetime' : @@ -362,7 +362,7 @@ function getTableDescription( $table, $asString=1 ) { break; } } else { - ZM\Error( "Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'"); } if ( $asString ) @@ -370,15 +370,6 @@ function getTableDescription( $table, $asString=1 ) { else $columns[] = $desc; } - return( $columns ); -} - -function dbFetchMonitor( $mid ) { - return( dbFetchOne( 'select * from Monitors where Id = ?', NULL, array($mid) ) ); + return $columns; } - -function dbFetchGroup( $gid ) { - return( dbFetchOne( 'select * from Groups where Id = ?', NULL, array($gid) ) ); -} - ?> diff --git a/web/skins/classic/views/function.php b/web/skins/classic/views/function.php index 506bc006b..1cd2985ef 100644 --- a/web/skins/classic/views/function.php +++ b/web/skins/classic/views/function.php @@ -23,34 +23,34 @@ if ( !canEdit('Monitors') ) { return; } -$monitor = dbFetchMonitor($_REQUEST['mid']); +$monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid'])); $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor['Name'])); +xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor->Name())); ?>
- +

- checked="checked"/> + Enabled()) ) { ?> checked="checked"/>

diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php index ea7a9f347..4f41b3fbd 100644 --- a/web/skins/classic/views/plugin.php +++ b/web/skins/classic/views/plugin.php @@ -19,23 +19,21 @@ // -if ( !canView( 'Monitors' ) ) -{ - $view = "error"; - return; +if ( !canView('Monitors') ) { + $view = 'error'; + return; } $mid = validInt($_REQUEST['mid']); $zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0; - if ( $zid > 0 ) { - $newZone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array( $mid, $zid) ); + $newZone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array($mid, $zid)); } else { - $view = "error"; + $view = 'error'; return; } -$monitor = dbFetchMonitor ( $mid ); +$monitor = ZM\Monitor::find_one($mid); // Only allow certain filename characters (not including a period) to prevent directory traversal. $plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); @@ -104,7 +102,7 @@ function pLang($name)
@@ -115,16 +113,14 @@ function pLang($name)
- +
$popt) -{ - ?> +foreach($pluginOptions as $name => $popt) { +?> $popt) - + - + - + - +
disabled="disabled"/> disabled="disabled"/>
disabled="disabled"/>/>
disabled="disabled"/>/>
disabled="disabled"/>/>
- disabled="disabled"/> + +
From 74e414eb0014a52fcfa2919a25f45cd8518e1afe Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 13 Aug 2019 15:33:38 -0400 Subject: [PATCH 355/360] Clean up ugly hack in CopyTo. Do not modify the object resulting in cached crap --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index 0fc43f24a..25cfebb5c 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -562,8 +562,8 @@ sub CopyTo { return 'Old Storage path changed, Event has moved somewhere else.'; } - $$self{Storage} = $NewStorage; - ( $NewPath ) = ( $self->Path(undef) =~ /^(.*)$/ ); # De-taint + $NewPath .= $self->Relative_Path(); + $NewPath = ( $NewPath =~ /^(.*)$/ ); # De-taint if ( $NewPath eq $OldPath ) { $ZoneMinder::Database::dbh->commit(); return "New path and old path are the same! $NewPath"; @@ -685,7 +685,7 @@ sub MoveTo { # Succeeded in copying all files, so we may now update the Event. $$self{StorageId} = $$NewStorage{Id}; - $$self{Storage} = $NewStorage; + $self->Storage($NewStorage); $error .= $self->save(); if ( $error ) { $ZoneMinder::Database::dbh->commit(); From c7b6db9be7fe274b36b9c3f84f76e0c6b7714334 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Aug 2019 16:18:21 -0400 Subject: [PATCH 356/360] Put backticks around all columns and tables in sql to deal with mysql 8 --- src/zm_config.cpp | 4 ++-- src/zm_eventstream.cpp | 20 ++++++++++---------- src/zm_group.cpp | 2 +- src/zm_monitor.cpp | 42 +++++++++++++++++++++--------------------- src/zm_storage.cpp | 2 +- src/zm_user.cpp | 10 +++++----- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/src/zm_config.cpp b/src/zm_config.cpp index f9e11e59b..68c9eae08 100644 --- a/src/zm_config.cpp +++ b/src/zm_config.cpp @@ -68,7 +68,7 @@ void zmLoadConfig() { if ( ! staticConfig.SERVER_NAME.empty() ) { Debug( 1, "Fetching ZM_SERVER_ID For Name = %s", staticConfig.SERVER_NAME.c_str() ); - std::string sql = stringtf("SELECT Id FROM Servers WHERE Name='%s'", staticConfig.SERVER_NAME.c_str() ); + std::string sql = stringtf("SELECT `Id` FROM `Servers` WHERE `Name`='%s'", staticConfig.SERVER_NAME.c_str() ); zmDbRow dbrow; if ( dbrow.fetch( sql.c_str() ) ) { staticConfig.SERVER_ID = atoi(dbrow[0]); @@ -79,7 +79,7 @@ void zmLoadConfig() { } // end if has SERVER_NAME } else if ( staticConfig.SERVER_NAME.empty() ) { Debug( 1, "Fetching ZM_SERVER_NAME For Id = %d", staticConfig.SERVER_ID ); - std::string sql = stringtf("SELECT Name FROM Servers WHERE Id='%d'", staticConfig.SERVER_ID ); + std::string sql = stringtf("SELECT `Name` FROM `Servers` WHERE `Id`='%d'", staticConfig.SERVER_ID ); zmDbRow dbrow; if ( dbrow.fetch( sql.c_str() ) ) { diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index 36e8d097d..4b894c153 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -44,9 +44,9 @@ bool EventStream::loadInitialEventData(int monitor_id, time_t event_time) { static char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE " - "MonitorId = %d AND unix_timestamp(EndTime) > %ld " - "ORDER BY Id ASC LIMIT 1", monitor_id, event_time); + snprintf(sql, sizeof(sql), "SELECT `Id` FROM `Events` WHERE " + "`MonitorId` = %d AND unix_timestamp(`EndTime`) > %ld " + "ORDER BY `Id` ASC LIMIT 1", monitor_id, event_time); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -115,9 +115,9 @@ bool EventStream::loadEventData(uint64_t event_id) { static char sql[ZM_SQL_MED_BUFSIZ]; snprintf(sql, sizeof(sql), - "SELECT MonitorId, StorageId, Frames, unix_timestamp( StartTime ) AS StartTimestamp, " - "(SELECT max(Delta)-min(Delta) FROM Frames WHERE EventId=Events.Id) AS Duration, " - "DefaultVideo, Scheme, SaveJPEGs FROM Events WHERE Id = %" PRIu64, event_id); + "SELECT `MonitorId`, `StorageId`, `Frames`, unix_timestamp( `StartTime` ) AS StartTimestamp, " + "(SELECT max(`Delta`)-min(`Delta`) FROM `Frames` WHERE `EventId`=`Events.Id`) AS Duration, " + "`DefaultVideo`, `Scheme`, `SaveJPEGs` FROM `Events` WHERE `Id` = %" PRIu64, event_id); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -210,8 +210,8 @@ bool EventStream::loadEventData(uint64_t event_id) { Debug(3, "fps set by frame_count(%d)/duration(%f)", event_data->frame_count, event_data->duration); - snprintf(sql, sizeof(sql), "SELECT FrameId, unix_timestamp(`TimeStamp`), Delta " - "FROM Frames WHERE EventId = %" PRIu64 " ORDER BY FrameId ASC", event_id); + snprintf(sql, sizeof(sql), "SELECT `FrameId`, unix_timestamp(`TimeStamp`), `Delta` " + "FROM `Frames` WHERE `EventId` = %" PRIu64 " ORDER BY `FrameId` ASC", event_id); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); exit(mysql_errno(&dbconn)); @@ -542,11 +542,11 @@ void EventStream::checkEventLoaded() { if ( curr_frame_id <= 0 ) { snprintf(sql, sizeof(sql), - "SELECT Id FROM Events WHERE MonitorId = %ld AND Id < %" PRIu64 " ORDER BY Id DESC LIMIT 1", + "SELECT `Id` FROM `Events` WHERE `MonitorId` = %ld AND `Id` < %" PRIu64 " ORDER BY `Id` DESC LIMIT 1", event_data->monitor_id, event_data->event_id); } else if ( (unsigned int)curr_frame_id > event_data->frame_count ) { snprintf(sql, sizeof(sql), - "SELECT Id FROM Events WHERE MonitorId = %ld AND Id > %" PRIu64 " ORDER BY Id ASC LIMIT 1", + "SELECT `Id` FROM `Events` WHERE `MonitorId` = %ld AND `Id` > %" PRIu64 " ORDER BY `Id` ASC LIMIT 1", event_data->monitor_id, event_data->event_id); } else { // No event change required diff --git a/src/zm_group.cpp b/src/zm_group.cpp index 7b96920b8..070d3b571 100644 --- a/src/zm_group.cpp +++ b/src/zm_group.cpp @@ -46,7 +46,7 @@ Group::Group(unsigned int p_id) { if ( p_id ) { char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id, ParentId, Name FROM Group WHERE Id=%d", p_id); + snprintf(sql, sizeof(sql), "SELECT `Id`, `ParentId`, `Name` FROM `Group` WHERE `Id`=%d", p_id); Debug(2,"Loading Group for %d using %s", p_id, sql); zmDbRow dbrow; if ( !dbrow.fetch(sql) ) { diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 617426d1f..1b9442f75 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -68,19 +68,19 @@ // This is the official SQL (and ordering of the fields) to load a Monitor. // It will be used whereever a Monitor dbrow is needed. WHERE conditions can be appended std::string load_monitor_sql = -"SELECT Id, Name, ServerId, StorageId, Type, Function+0, Enabled, LinkedMonitors, " -"AnalysisFPSLimit, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS," -"Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, " // V4L Settings -"Protocol, Method, Options, User, Pass, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, " -"DecoderHWAccelName, DecoderHWAccelDevice, RTSPDescribe, " -"SaveJPEGs, VideoWriter, EncoderParameters, " +"SELECT `Id`, `Name`, `ServerId`, `StorageId`, `Type`, `Function`+0, `Enabled`, `LinkedMonitors`, " +"`AnalysisFPSLimit`, `AnalysisUpdateDelay`, `MaxFPS`, `AlarmMaxFPS`," +"`Device`, `Channel`, `Format`, `V4LMultiBuffer`, `V4LCapturesPerFrame`, " // V4L Settings +"`Protocol`, `Method`, `Options`, `User`, `Pass`, `Host`, `Port`, `Path`, `Width`, `Height`, `Colours`, `Palette`, `Orientation`+0, `Deinterlacing`, " +"`DecoderHWAccelName`, `DecoderHWAccelDevice`, `RTSPDescribe`, " +"`SaveJPEGs`, `VideoWriter`, `EncoderParameters`, " //" OutputCodec, Encoder, OutputContainer, " -"RecordAudio, " -"Brightness, Contrast, Hue, Colour, " -"EventPrefix, LabelFormat, LabelX, LabelY, LabelSize," -"ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, " -"SectionLength, MinSectionLength, FrameSkip, MotionFrameSkip, " -"FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif, SignalCheckPoints, SignalCheckColour FROM Monitors"; +"`RecordAudio`, " +"`Brightness`, `Contrast`, `Hue`, `Colour`, " +"`EventPrefix`, `LabelFormat`, `LabelX`, `LabelY`, `LabelSize`," +"`ImageBufferCount`, `WarmupCount`, `PreEventCount`, `PostEventCount`, `StreamReplayBuffer`, `AlarmFrameCount`, " +"`SectionLength`, `MinSectionLength`, `FrameSkip`, `MotionFrameSkip`, " +"`FPSReportInterval`, `RefBlendPerc`, `AlarmRefBlendPerc`, `TrackMotion`, `Exif`, `SignalCheckPoints`, `SignalCheckColour` FROM `Monitors`"; std::string CameraType_Strings[] = { "Local", @@ -1136,7 +1136,7 @@ void Monitor::DumpZoneImage(const char *zone_string) { } else { Debug(3, "Trying to load from event"); // Grab the most revent event image - std::string sql = stringtf("SELECT MAX(Id) FROM Events WHERE MonitorId=%d AND Frames > 0", id); + std::string sql = stringtf("SELECT MAX(`Id`) FROM `Events` WHERE `MonitorId`=%d AND `Frames` > 0", id); zmDbRow eventid_row; if ( eventid_row.fetch(sql.c_str()) ) { uint64_t event_id = atoll(eventid_row[0]); @@ -1803,12 +1803,12 @@ void Monitor::Reload() { static char sql[ZM_SQL_MED_BUFSIZ]; // This seems to have fallen out of date. snprintf(sql, sizeof(sql), - "SELECT Function+0, Enabled, LinkedMonitors, EventPrefix, LabelFormat, " - "LabelX, LabelY, LabelSize, WarmupCount, PreEventCount, PostEventCount, " - "AlarmFrameCount, SectionLength, MinSectionLength, FrameSkip, " - "MotionFrameSkip, AnalysisFPSLimit, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, " - "FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, " - "SignalCheckColour FROM Monitors WHERE Id = '%d'", id); + "SELECT `Function`+0, `Enabled`, `LinkedMonitors`, `EventPrefix`, `LabelFormat`, " + "`LabelX`, `LabelY`, `LabelSize`, `WarmupCount`, `PreEventCount`, `PostEventCount`, " + "`AlarmFrameCount`, `SectionLength`, `MinSectionLength`, `FrameSkip`, " + "`MotionFrameSkip`, `AnalysisFPSLimit`, `AnalysisUpdateDelay`, `MaxFPS`, `AlarmMaxFPS`, " + "`FPSReportInterval`, `RefBlendPerc`, `AlarmRefBlendPerc`, `TrackMotion`, " + "`SignalCheckColour` FROM `Monitors` WHERE `Id` = '%d'", id); zmDbRow *row = zmDbFetchOne(sql); if ( !row ) { @@ -2865,8 +2865,8 @@ std::vector Monitor::Groups() { // At the moment, only load groups once. if ( !groups.size() ) { std::string sql = stringtf( - "SELECT Id,ParentId,Name FROM Groups WHERE Groups.Id IN " - "(SELECT GroupId FROM Groups_Monitors WHERE MonitorId=%d)",id); + "SELECT `Id`, `ParentId`, `Name` FROM `Groups` WHERE `Groups.Id` IN " + "(SELECT `GroupId` FROM `Groups_Monitors` WHERE `MonitorId`=%d)",id); MYSQL_RES *result = zmDbFetch(sql.c_str()); if ( !result ) { Error("Can't load groups: %s", mysql_error(&dbconn)); diff --git a/src/zm_storage.cpp b/src/zm_storage.cpp index ff2ba4997..4bba82bab 100644 --- a/src/zm_storage.cpp +++ b/src/zm_storage.cpp @@ -62,7 +62,7 @@ Storage::Storage( unsigned int p_id ) { if ( p_id ) { char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id, Name, Path, Type, Scheme FROM Storage WHERE Id=%d", p_id); + snprintf(sql, sizeof(sql), "SELECT `Id`, `Name`, `Path`, `Type`, `Scheme` FROM `Storage` WHERE `Id`=%d", p_id); Debug(2,"Loading Storage for %d using %s", p_id, sql ); zmDbRow dbrow; if ( !dbrow.fetch(sql) ) { diff --git a/src/zm_user.cpp b/src/zm_user.cpp index b873b8547..52da3ba98 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -99,8 +99,8 @@ User *zmLoadUser( const char *username, const char *password ) { snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", safer_username ); + "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`" + " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username ); if ( mysql_query(&dbconn, sql) ) { @@ -162,8 +162,8 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" - " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); + "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`, `TokenMinExpiry`" + " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", username.c_str() ); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -228,7 +228,7 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) { Debug( 1, "Attempting to authenticate user from auth string '%s'", auth ); char sql[ZM_SQL_SML_BUFSIZ] = ""; - snprintf( sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds FROM Users WHERE Enabled = 1" ); + snprintf( sql, sizeof(sql), "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds` FROM `Users` WHERE `Enabled` = 1" ); if ( mysql_query( &dbconn, sql ) ) { Error( "Can't run query: %s", mysql_error( &dbconn ) ); From f09941ed4852fd14279938ff472e5b328a96e173 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 15 Aug 2019 15:16:02 -0400 Subject: [PATCH 357/360] timezone errors shouldn't be fatal --- web/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 65633a04d..2524ef65f 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -2400,13 +2400,13 @@ function check_timezone() { #"); if ( $sys_tzoffset != $php_tzoffset ) - ZM\Fatal("ZoneMinder is not installed properly: php's date.timezone does not match the system timezone!"); + ZM\Error("ZoneMinder is not installed properly: php's date.timezone does not match the system timezone!"); if ( $sys_tzoffset != $mysql_tzoffset ) ZM\Error("ZoneMinder is not installed properly: mysql's timezone does not match the system timezone! Event lists will display incorrect times."); if (!ini_get('date.timezone') || !date_default_timezone_set(ini_get('date.timezone'))) - ZM\Fatal( "ZoneMinder is not installed properly: php's date.timezone is not set to a valid timezone" ); + ZM\Error("ZoneMinder is not installed properly: php's date.timezone is not set to a valid timezone"); } From 1103928ed73748a6d1d6f597fb583490186481a9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 15 Aug 2019 15:16:20 -0400 Subject: [PATCH 358/360] only call check_timezone on console for efficiency in all other requests --- web/index.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/web/index.php b/web/index.php index a4f6160d4..11207f02a 100644 --- a/web/index.php +++ b/web/index.php @@ -77,8 +77,6 @@ if ( $_SERVER['REQUEST_METHOD'] == 'OPTIONS' ) { return; } -// Verify the system, php, and mysql timezones all match -check_timezone(); if ( isset($_GET['skin']) ) { $skin = $_GET['skin']; @@ -169,6 +167,7 @@ $view = null; if ( isset($_REQUEST['view']) ) $view = detaintPath($_REQUEST['view']); + # Add CSP Headers $cspNonce = bin2hex(openssl_random_pseudo_bytes(16)); @@ -193,6 +192,11 @@ isset($view) || $view = NULL; isset($request) || $request = NULL; isset($action) || $action = NULL; +if ( (!$view and !$request) or ($view == 'console') ) { + // Verify the system, php, and mysql timezones all match + check_timezone(); +} + ZM\Logger::Debug("View: $view Request: $request Action: $action User: " . ( isset($user) ? $user['Username'] : 'none' )); if ( ZM_ENABLE_CSRF_MAGIC && From 68052368f7c5b8913c26757b664ad6fcfd5d0fe7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 15 Aug 2019 16:04:37 -0400 Subject: [PATCH 359/360] use backticks on table and column names. Use data-on-change-this in group dropdown --- web/includes/Group.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/web/includes/Group.php b/web/includes/Group.php index c188b553f..a2ad252cd 100644 --- a/web/includes/Group.php +++ b/web/includes/Group.php @@ -118,13 +118,13 @@ class Group extends ZM_Object { if ( is_array($group_id) ) { $group_id_sql_part = ' IN ('.implode(',', array_map(function(){return '?';}, $group_id ) ).')'; - $MonitorIds = dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId'.$group_id_sql_part, 'MonitorId', $group_id); + $MonitorIds = dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId`'.$group_id_sql_part, 'MonitorId', $group_id); - $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId IN (SELECT Id FROM Groups WHERE ParentId'.$group_id_sql_part.')', 'MonitorId', $group_id)); + $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId` IN (SELECT `Id` FROM `Groups` WHERE `ParentId`'.$group_id_sql_part.')', 'MonitorId', $group_id)); } else { - $MonitorIds = dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId=?', 'MonitorId', array($group_id)); + $MonitorIds = dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId`=?', 'MonitorId', array($group_id)); - $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId IN (SELECT Id FROM Groups WHERE ParentId = ?)', 'MonitorId', array($group_id))); + $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId` IN (SELECT `Id` FROM `Groups` WHERE `ParentId` = ?)', 'MonitorId', array($group_id))); } $groupSql = " find_in_set( M.Id, '".implode(',', $MonitorIds)."' )"; } @@ -132,17 +132,17 @@ class Group extends ZM_Object { } # end public static function get_group_sql( $group_id ) public static function get_monitors_dropdown($options = null) { - $monitor_id = 0; - if ( isset($_REQUEST['monitor_id']) ) { - $monitor_id = $_REQUEST['monitor_id']; - } else if ( isset($_COOKIE['zmMonitorId']) ) { - $monitor_id = $_COOKIE['zmMonitorId']; - } - $sql = 'SELECT * FROM Monitors'; + $monitor_id = 0; + if ( isset($_REQUEST['monitor_id']) ) { + $monitor_id = $_REQUEST['monitor_id']; + } else if ( isset($_COOKIE['zmMonitorId']) ) { + $monitor_id = $_COOKIE['zmMonitorId']; + } + $sql = 'SELECT `Id`,`Name` FROM `Monitors`'; if ( $options ) { $sql .= ' WHERE '. implode(' AND ', array( ( isset($options['groupSql']) ? $options['groupSql']:'') - ) ).' ORDER BY Sequence ASC'; + ) ).' ORDER BY `Sequence` ASC'; } $monitors_dropdown = array(''=>'All'); @@ -153,7 +153,7 @@ class Group extends ZM_Object { $monitors_dropdown[$monitor['Id']] = $monitor['Name']; } - echo htmlSelect('monitor_id', $monitors_dropdown, $monitor_id, array('onchange'=>'changeMonitor(this);')); + echo htmlSelect('monitor_id', $monitors_dropdown, $monitor_id, array('data-on-change-this'=>'changeMonitor')); return $monitor_id; } From 336f45219bf8b05ab288b490cb632eadef8354ce Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 15 Aug 2019 16:04:56 -0400 Subject: [PATCH 360/360] fix object caching --- web/includes/Object.php | 42 +++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/web/includes/Object.php b/web/includes/Object.php index 2b58928d9..4e73da5d3 100644 --- a/web/includes/Object.php +++ b/web/includes/Object.php @@ -8,16 +8,11 @@ class ZM_Object { public function __construct($IdOrRow = NULL) { $class = get_class($this); - global $object_cache; - if ( ! isset($object_cache[$class]) ) - $object_cache[$class] = array(); - $cache = $object_cache[$class]; - - $table = $class::$table; $row = NULL; if ( $IdOrRow ) { if ( is_integer($IdOrRow) or ctype_digit($IdOrRow) ) { + $table = $class::$table; $row = dbFetchOne("SELECT * FROM `$table` WHERE `Id`=?", NULL, array($IdOrRow)); if ( !$row ) { Error("Unable to load $class record for Id=$IdOrRow"); @@ -25,17 +20,24 @@ class ZM_Object { } elseif ( is_array($IdOrRow) ) { $row = $IdOrRow; } - } # end if isset($IdOrRow) - if ( $row ) { - foreach ($row as $k => $v) { - $this->{$k} = $v; + + if ( $row ) { + global $object_cache; + if ( ! isset($object_cache[$class]) ) { + $object_cache[$class] = array(); + } + $cache = &$object_cache[$class]; + + foreach ($row as $k => $v) { + $this->{$k} = $v; + } + $cache[$row['Id']] = $this; } - $cache[$row['Id']] = $this; } else { # Set defaults foreach ( $this->defaults as $k => $v ) $this->{$k} = $v; - } - } + } # end if isset($IdOrRow) + } # end function __construct public function __call($fn, array $args){ if ( count($args) ) { @@ -48,7 +50,7 @@ class ZM_Object { return $this->defaults{$fn}; } else { $backTrace = debug_backtrace(); - Warning("Unknown function call Sensor->$fn from ".print_r($backTrace,true)); + Warning("Unknown function call Object->$fn from ".print_r($backTrace,true)); } } } @@ -98,13 +100,13 @@ class ZM_Object { } } return $results; - } # end public function find() + } # end public function _find() public static function _find_one($class, $parameters = array(), $options = array() ) { global $object_cache; if ( ! isset($object_cache[$class]) ) $object_cache[$class] = array(); - $cache = $object_cache[$class]; + $cache = &$object_cache[$class]; if ( ( count($parameters) == 1 ) and isset($parameters['Id']) and @@ -162,7 +164,7 @@ class ZM_Object { } else if ( is_null($v) ) { $this->{$k} = $v; } else { - Error( "Unknown type $k => $v of var " . gettype( $v ) ); + Error("Unknown type $k => $v of var " . gettype($v)); $this->{$k} = $v; } } # end if method_exists @@ -175,7 +177,7 @@ class ZM_Object { if ( method_exists($this, $field) ) { $old_value = $this->$field(); - Logger::Debug("Checking method $field () ".print_r($old_value,true)." => " . print_r($value,true)); + Logger::Debug("Checking method $field () ".print_r($old_value,true).' => ' . print_r($value,true)); if ( is_array($old_value) ) { $diff = array_recursive_diff($old_value, $value); Logger::Debug("Checking method $field () diff is".print_r($diff,true)); @@ -186,13 +188,13 @@ class ZM_Object { $changes[$field] = $value; } } else if ( array_key_exists($field, $this) ) { - Logger::Debug("Checking field $field => ".$this->{$field} . " ?= " .$value); + Logger::Debug("Checking field $field => ".$this->{$field} . ' ?= ' .$value); if ( $this->{$field} != $value ) { $changes[$field] = $value; } } else if ( array_key_exists($field, $this->defaults) ) { - Logger::Debug("Checking default $field => ".$this->defaults[$field] . " " .$value); + Logger::Debug("Checking default $field => ".$this->defaults[$field] . ' ' .$value); if ( $this->defaults[$field] != $value ) { $changes[$field] = $value; }