I recently upgrade Zoneminder to 1.33.14, and some new problem arises.
I first reapplied the previous steps:
- Lisa Rushworh tuning of
zoneminder/www/includes/config.php
, line 170, change define( $row['Name'], $row['Value'] );
to
170: if ( strcmp($row['Name'],'ZM_PATH_ZMS') != 0) {
171- define( $row['Name'], $row['Value'] );
172- }
- Lisa Rushwoth-based mysql update:
mysql -u zmuser -p # Default password is zmpass, defined in /etc/zm/zm.conf at line 50 (approx.)
use zm; #Assuming your zoneminder database is actually named zm
INSERT INTO `Config` VALUES (1225,'ZM_PATH_ZMS','/cgi-bin/nph-zms','string','/cgi-bin/nph-zms','relative/path/to/somewhere','(?^:^((?:[^/].*)?)/?$)',' $1 ','Web path to zms streaming server',' The ZoneMinder streaming server is required to send streamed images to your browser. It will be installed into the cgi-bin path given at configuration time. This option determines what the web path to the server is rather than the local path on your machine. Ordinarily the streaming server runs in parser-header mode however if you experience problems with streaming you can change this to non-parsed-header (nph) mode by changing \'zms\' to \'nph-zms\'. ','hidden',0,NULL);
INSERT INTO `Config` VALUES (1226,'ZM_OPT_FRAME_SERVER','0','boolean','no','yes|no','(?^i:^([yn]))',' ($1 =~ /^y/) ? \"yes\" : \"no\" ','Should analysis farm out the writing of images to disk',' In some circumstances it is possible for a slow disk to take so long writing images to disk that it causes the analysis daemon to fall behind especially during high frame rate events. Setting this option to yes enables a frame server daemon (zmf) which will be sent the images from the analysis daemon and will do the actual writing of images itself freeing up the analysis daemon to get on with other things. Should this transmission fail or other permanent or transient error occur, this function will fall back to the analysis daemon. ','system',0,NULL);
Then i still faced an authentication problem.
Whatever has changed between 1.33.10 & 1.33.14 is preventing a user to get authenticated with the “old-style” way of first posting the credentials.
So, i got an idea, remove authentication. But wait, anyone could then log and see anything ? Not if i added an http authentication layer at RP level, and bypass RP only for openhab… But then i couldn’t see the streams from ZMninja.
I needed the following:
- Authenticate users from Internet
- Authenticate only with ZM builtin auth
- Do not authenticate OpenHab
Thats were i looked into ZM code to see how authentication is done.
- First, i edited
zoneminder/www/includes/auth.php
and updated the following on line 267, in place of if ( ZM_OPT_USE_AUTH )
:
267:if ( $_SERVER['REMOTE_ADDR'] == '<OpenHab_IP>' ) {
268- $user = $defaultUser;
269-} else if ( ZM_OPT_USE_AUTH ) {
- If the source IP is my openhab server ip address, i just use a defaultUser, as when authentication is completely disabled. That was working for accessing any pages, like the console, but not for the API.
- Then, i edited the
zoneminder/www/api/app/Controller/HostController.php
and added this before if ( !ZM_OPT_USE_AUTH )
on line 111:
111: if ( $_SERVER['REMOTE_ADDR'] == "<OpenHab_IP>" )
112- return;
113-
114- if ( !ZM_OPT_USE_AUTH )
- I want this module to behave the same when the client IP is openhab, than when auth is disabled. Same player, try again. API still gives 401 to openhab.
- I finally edited
zoneminder/www/api/app/Controller/AppController.php
and updated line 70 from if ( ZM_OPT_USE_AUTH )
to if ( ZM_OPT_USE_AUTH && $_SERVER['REMOTE_ADDR'] != '<OpenHab_IP>' )
, as i wanted the App to handle my request this way only when the auth is enabled and for any host except OpenHab.
Now, openhab still try to authenticate to ZM with this POST request, but it does not need any form of authentication to access the API and do its job.
Moreover, this new trick will improve the stability, as there will not be any more Authentication timeout issues every few hours.
Downside is, whoever is connected to the openhab server has full access to zoneminder.