Digest auth #588

Merged
merged 4 commits into from Nov 29, 2014

@connortechnology
Member

commented Nov 20, 2014

So this works; however, there are at least 3 more things to do before it would be complete.
1. Support qop=auth-int.
2. nc should increment with each request; it currently does not.
3. We are using a hard-coded cnonce. This should be configurable.

In the meantime, please test it with your cameras.

implement http_Digest Auth, and improve it for rtsp
Conflicts:
	src/zm_remote_camera_http.cpp
	src/zm_rtsp.cpp
@connortechnology

Member Author

commented Nov 25, 2014

This fixes #399 btw

@knight-of-ni

Member

commented Nov 28, 2014

Well, it's a no go on my end. I tried Foscam, Grandstream, and USG cameras.
All three cameras work just fine using ffmpeg, but none of them work when I switch to Remote and then try to configure RTSP, using the same known-good URL.

Error messages range from No RTSP sources, null RTSP response, or error 501 not implemented. For kicks I tried every single available option from the drop downs on both port 80 and 554.
I don't think the cameras not working has anything to do with this pull request, but unfortunately that does mean I am unable to validate it on my end.

@connortechnology

Member Author

commented Nov 28, 2014

Can you turn on debugging and send me the output? It should log all the auth stuff. If it was an auth problem, you should have seen 401 errors logged.

I don't suppose you could create me access to one of them to play with?

@connortechnology

Member Author

commented Nov 28, 2014

Looks like foscam provides some demo cams to access... I'll try playing with them.

@connortechnology

Member Author

commented Nov 28, 2014

Let's play with the foscam... What are your path settings? What are you using with ffmpeg?

@connortechnology

Member Author

commented Nov 28, 2014

Looks like the FOSCAMs want MD5 as the algorithm, which we haven't implemented.

@connortechnology

Member Author

commented Nov 28, 2014

Actually it looks like they drop the connection, and we expect it to stay open.

@connortechnology

Member Author

commented Nov 28, 2014

So the Digest auth works with foscam for http streaming, when using regexp. I am working on making it work with simple.

@connortechnology

Member Author

commented Nov 28, 2014

Hey, so I hadn't implemented the Authentication Header handler for the simple method. So now I have.

This now allows me to Digest-authenticate to FOSCAM demo cams for MJPEG stream.

@knight-of-ni

Member

commented Nov 28, 2014

Just noticed and fixed a mysql problem that was truncating the log. I'm back. And I'll post a more complete log entry shortly now that I have it.

From what I've seen, most of the newer Foscams seem to all support the following:
Source Type: ffmpeg
Source Path: rtsp://admin:password@192.168.1.81:88/videoMain
Remote Method: RTP/Unicast

Seems they want to do the rtsp over the same port as http, which is 88 by default.

Ok, so I see your last post about mjpeg streams, but I'm using a h.264 stream.

@connortechnology

Member Author

commented Nov 28, 2014

Yeah, the demo cams for foscam are all port forwarded and I can't seem to get a reasonable response from them. So I've moved on to grandstream, but the demo cams for them don't use auth.

@knight-of-ni

Member

commented Nov 28, 2014

So here we go:
http://pastebin.com/raw.php?i=jYBdV2ZC

Source Type: Remote
Remote Protocol: RTSP
Remote Method: RTP/Unicast
Remote Host Name: admin:password@192.168.1.81
Remote host Port: 88
Remote host Path: /videoMain

@connortechnology

Member Author

commented Nov 28, 2014

I'm going to need Debug turned up to level 6.

I can't get anything from grandstream, no matter what I do it won't talk to me.

@knight-of-ni

Member

commented Nov 28, 2014

Level 6 just got us a bunch of non-relevant data concerning the motion zone:
http://pastebin.com/raw.php?i=5mrx30nD

I guess I could run a wireshark session to see what the differences are between the ffmpeg & Remote source types.

@knight-of-ni

Member

commented Nov 28, 2014

Wireshark makes it pretty clear what is happening.

Using a source type of ffmpeg, zoneminder sends to the camera:
OPTIONS rtsp://192.168.1.81:88/videoMain RTSP/1.0

This causes the camera to do some sort of handshake by responding with what appears to be supported features:
OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER...

Inspecting the packets further, zoneminder then sends credentials to the camera via digest authentication.

I don't know enough about RTSP to say anything other than this must be normal as the video stream works.

Using a source type of Remote with RTSP/Unicast, zoneminder sends:
OPTIONS * RTSP/1.0
And the camera immediately responds with:
HTTP/1.0 400 Bad Request

which stops everything.

So, to put it in my own words, zoneminder appears to be cheating by just sending the wildcard * to the camera rather than sending the complete URL. I don't understand the purpose of why the camera wants its own URL parroted back to it, but that appears to be what is required in this case to get the camera to work.

@connortechnology

Member Author

commented Nov 28, 2014

Yeah. You see how we are sending * instead of the url in our OPTIONS statement? I think that's the problem.

I'll see what I can do about that tonight.

@knight-of-ni

Member

commented Nov 28, 2014

Made some progress.
I found two lines of code in zm_rtsp.cpp that built the OPTIONS message and I replaced the wildcard "*" with "mUrl" in both lines, which now look like: "OPTIONS "+mUrl+" RTSP/1.0\r\n"

This made significant progress! I am now seeing the same kind of handshake I saw using the ffmpeg method. However, it appears I did not fix the mysql problem because, as you can see from the last line, something is still causing the logger to say it can no longer write to mysql, which causes everything to stop. However, there are no errors whatsoever in the mysql log.

http://pastebin.com/raw.php?i=jBp2zKNn

UPDATE: Running another debug session where I didn't get the mysql error, the session stops with this line before zmc exits with status 255:
11/28/14 17:08:43.272986 zmc_m7[7950].DB1-/home/abauer/rpmbuild/BUILD/ZoneMinder-1.28digest/src/zm_sdp.cpp/364 [Looking for codec for video payload type 96 / H264]

@knight-of-ni

Member

commented Nov 28, 2014

Works!
OK, there seems to be some kind of unrelated problem with logging debug messages to mysql. Once I set the log level of the database log back to Info, the mysql error vanished, zmc stopped crashing with exit status 255, and I am now able to view the stream in a live monitor.

@connortechnology

Member Author

commented Nov 29, 2014

good work!

knight-of-ni pushed a commit that referenced this pull request Nov 29, 2014
Andrew Bauer

@knight-of-ni knight-of-ni merged commit e4fa475 into master Nov 29, 2014

1 check passed

continuous-integration/travis-ci The Travis CI build passed
@knight-of-ni

Member

commented Nov 29, 2014

see #608

@connortechnology connortechnology deleted the digest_auth branch Nov 30, 2014

knight-of-ni pushed a commit that referenced this pull request Dec 29, 2014
Merge pull request #588 from ZoneMinder/digest_auth
Digest auth
Conflicts:
	src/zm_rtsp_auth.cpp