zoneminder
zoneminder copied to clipboard
ZoneMinder
Added configuring of authentication for rstp cameras
This responds to #695.
The change is not too complex and builds on support that was already present in the code. It simply introduces the required fields in the monitor edit page to allow to specify the user and password for the camera. The values are already handled and saved/loaded by the backing php monitor code.
At this moment I have not inserted any explicit validation seen that the authentication is mediated by rtsp headers and not in the url so any value should be allowed.
I've tested this on my local machine with a "remote" type camera and it seems to authenticate correctly with the correct username/password containing special characters not allowed in url (without encoding).
Please review and test.
This changeset should also update how Janus gets username and password for RTSP streams: https://github.com/ZoneMinder/zoneminder/blob/master/src/zm_monitor_janus.cpp#L44
Good to see this being worked on!
This changeset should also update how Janus gets username and password for RTSP streams: https://github.com/ZoneMinder/zoneminder/blob/master/src/zm_monitor_janus.cpp#L44
Good to see this being worked on!
Thanks, i have not seen the part for janus, but doesn't your change split the data in url? So it would fail all the same with special characters, or maybe i'm missing something?
but doesn't your change split the data in url?
Yes. We currently split username/password out of the given URL so Janus can authenticate. When we pull this changeset, and switch to using a username and password, the Janus code should drop the URL parsing and just use user and pass. Just pulling this code as-is would break Janus.
Just pulling this code as-is would break Janus.
Should i then investigate this kind of integration with the janus straming too?
Should i then investigate this kind of integration with the Janus streaming too?
Yes please. It should be straightforward to drop the URL parsing code, and set the user/pass sent to Janus using the new options.
The way that I was going to go was to actually change the Source tab UI to sync it up between remote and ffmpeg types. Because we don't want to be able to actually see the password so the idea is you could either cutnpaste a full url and it would auto populate the split out parts (scheme, username, password, host, path, query etc). Because when you switch between ffmpeg and remote they use the parts differently It would be nice to be able to switch back and forth.
cutnpaste a full url and it would auto populate the split out parts (scheme, username, password, host, path, query etc).
Would be nice to have that capability anyway, to transition from the old all-in-one URL to the new split-out interface.
@connortechnology @jp-bennett I'll check the janus integration first than i'll check how to implement the (browser-side) sync.
@jp-bennett I was trying to test my change with janus, but i'm getting an error that the "javascript/janus/janus.js" library is not found when opening the live view, can you point me to where can i find / how to generate that lib?
Also would it be correct to assume that the user and password to be used for janus monitor are the same as the parent monitor?
thank you for the support.
"javascript/janus/janus.js" library is not found when opening the live view, can you point me to where can i find / how to generate that lib?
It depends on what distro you're using, but for Ubuntu, installing libjs-janus will get the javascript library in place (Might require an a2enconf, can't remember). It's contained in the Janus source (https://github.com/meetecho/janus-gateway/blob/master/html/janus.js) but the js lib needs to match the version of the Janus binary.
Also would it be correct to assume that the user and password to be used for janus monitor are the same as the parent monitor?
Yes. What this is doing is sending the proper credentials to Janus, so Janus can connect to the camera directly.
Getting a crash with this code.
terminate called after throwing an instance of 'std::regex_error'
what(): Unexpected end of regex when escaping.
Thanks for testing i'm having serious trouble setting up janus (something about the ICE servers not being defined), i'll check now the cause of the error.
Thanks for testing i'm having serious trouble setting up janus (something about the ICE servers not being defined), i'll check now the cause of the error.
That's a misleading error. You don't need ICE servers. It's a pain to set up the first time, that's true. What's worse, browsers have this habit of not playing the streams if they're not specifically h264 baseline. I'm also trying to figure out exactly what regex is complaining about.
Found, it was the backslashes at the end
I think we figured that out at the same moment. =)
That part looks good. Now we just need to get the bits wired up for ffmpeg and vlc capture. And it would be really slick to have a database update that pulls any auth strings out of the source path, and populates username/password.
Should the url auth parsing happen only when the fields are empty? because otherwise you might accidentally overwrite the user values.
Should the url auth parsing happen only when the fields are empty? because otherwise you might accidentally overwrite the user values.
That sounds reasonable. If either field is populated, leave everything as-is. If they are empty and the URL appears to have a username and/or password, extract to the appropriate fields.
@jp-bennett @connortechnology Hi all, i've integrated the request for updating dynamically from the db and ui the update of the path, user and password values.
On the UI side:
- Added the user and password fields to Remote type monitors
- Edit of the path field will cause the local update of the user and password fields only if they were empty, moreover if they are equal it will update the corresponding field dynamically (ie. updating the username field in the url will cause the username form field to update)
- On losing focus for any of the fields, a local sync of the values if performed, meaning that if the fields in both the url and the username/password are equal than they are removed from the url
On the backend side:
- On update from the clientside and on loading of the monitors from the database, the same rules are enforced
So this means for example that loading a path value already in the db with both username and password set will populate the corresponding fields and remove them from url
I hope i've interpreted correctly what was requested.
Is there anything else that should be included? thanks.
Is there anything else that should be included?
The only other thing I know of is that ffmpeg cameras should use the username/pass fields, too. That's how most users set up for RTSP. It's likely a simple pair of options to set in https://github.com/ZoneMinder/zoneminder/blob/master/src/zm_ffmpeg_camera.cpp
@jp-bennett I've added the ffmpeg and the libvlc support for the auth.
Please check if everything necessary for the feature is present and test it if you can.
@jp-bennett I've added the ffmpeg and the libvlc support for the auth.
Please check if everything necessary for the feature is present and test it if you can.
I'll give it a thorough test over the weekend. Excited to get this pulled in.
Tested and working here. @connortechnology you see any problems with this? I'm inclined to pull it.