Fix crash when using auth_relay=none

pull/2696/head
Isaac Connor 2019-08-28 10:34:30 -04:00
parent 64d024b0c0
commit 5f0080ef92
2 changed files with 68 additions and 69 deletions


@ -27,6 +27,18 @@
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#if HAVE_GNUTLS_OPENSSL_H
#include <gnutls/openssl.h>
#endif
#if HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#endif
#if HAVE_GCRYPT_H
#include <gcrypt.h>
#elif HAVE_LIBCRYPTO
#include <openssl/md5.h>
#endif // HAVE_L || HAVE_LIBCRYPTO
#include "zm_utils.h" #include "zm_utils.h"
#include "zm_crypt.h" #include "zm_crypt.h"
@ -38,7 +50,7 @@ User::User() {
stream = events = control = monitors = system = PERM_NONE; stream = events = control = monitors = system = PERM_NONE;
} }
User::User( MYSQL_ROW &dbrow ) { User::User(const MYSQL_ROW &dbrow) {
int index = 0; int index = 0;
id = atoi(dbrow[index++]); id = atoi(dbrow[index++]);
strncpy(username, dbrow[index++], sizeof(username)-1); strncpy(username, dbrow[index++], sizeof(username)-1);
@ -97,46 +109,44 @@ User *zmLoadUser( const char *username, const char *password ) {
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
mysql_real_escape_string(&dbconn, safer_username, username, username_length); mysql_real_escape_string(&dbconn, safer_username, username, username_length);
snprintf(sql, sizeof(sql), snprintf(sql, sizeof(sql),
"SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`" "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`"
" FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username); " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username);
if ( mysql_query(&dbconn, sql) ) { if ( mysql_query(&dbconn, sql) ) {
Error("Can't run query: %s", mysql_error(&dbconn)); Error("Can't run query: %s", mysql_error(&dbconn));
exit(mysql_errno(&dbconn)); exit(mysql_errno(&dbconn));
} }
delete safer_username;
MYSQL_RES *result = mysql_store_result(&dbconn); MYSQL_RES *result = mysql_store_result(&dbconn);
if ( !result ) { if ( !result ) {
Error("Can't use query result: %s", mysql_error(&dbconn)); Error("Can't use query result: %s", mysql_error(&dbconn));
exit(mysql_errno(&dbconn)); exit(mysql_errno(&dbconn));
} }
int n_users = mysql_num_rows(result);
if ( n_users != 1 ) { if ( mysql_num_rows(result) != 1 ) {
mysql_free_result(result); mysql_free_result(result);
Warning("Unable to authenticate user %s", username); Warning("Unable to authenticate user %s", username);
return NULL; return NULL;
} }
MYSQL_ROW dbrow = mysql_fetch_row(result); MYSQL_ROW dbrow = mysql_fetch_row(result);
User *user = new User(dbrow); User *user = new User(dbrow);
mysql_free_result(result);
if ( !password ) {
// relay type must be none
return user;
}
if ( verifyPassword(username, password, user->getPassword()) ) { if ( verifyPassword(username, password, user->getPassword()) ) {
Info("Authenticated user '%s'", user->getUsername()); Info("Authenticated user '%s'", user->getUsername());
mysql_free_result(result);
delete safer_username;
return user; return user;
} }
else {
Warning("Unable to authenticate user %s", username);
mysql_free_result(result);
return NULL;
}
Warning("Unable to authenticate user %s", username);
return NULL;
} }
User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) {
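Review bot: The new `if ( !password ) { return user; }` branch in zmLoadUser returns a fully loaded user with no credential check, and only the comment ties that to auth_relay=none. If any caller can reach this function with a null password under another relay mode, verification is skipped. The branch should test the configured relay mode itself, or at least record the event with something like `Info("Loaded user '%s' without password verification", user->getUsername());`. When verifyPassword fails, the object from `new User(dbrow)` appears never to be released before the final `return NULL;`, so a `delete user;` ahead of that Warning would close the leak. `delete safer_username;` frees a buffer whose allocation lies outside the hunk; if it was created with `new char[...]`, it needs `delete[] safer_username;`.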


@ -23,20 +23,9 @@
#ifndef ZM_USER_H #ifndef ZM_USER_H
#define ZM_USER_H #define ZM_USER_H
#if HAVE_GNUTLS_OPENSSL_H #include <string>
#include <gnutls/openssl.h>
#endif
#if HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#endif
#if HAVE_GCRYPT_H
#include <gcrypt.h>
#elif HAVE_LIBCRYPTO
#include <openssl/md5.h>
#endif // HAVE_L || HAVE_LIBCRYPTO
#include <vector> #include <vector>
class User { class User {
public: public:
typedef enum { PERM_NONE = 1, PERM_VIEW, PERM_EDIT } Permission; typedef enum { PERM_NONE = 1, PERM_VIEW, PERM_EDIT } Permission;
@ -55,7 +44,7 @@ protected:
public: public:
User(); User();
explicit User( MYSQL_ROW &dbrow ); explicit User(const MYSQL_ROW &dbrow);
~User(); ~User();
User(User &u) { Copy(u); } User(User &u) { Copy(u); }
void Copy(const User &u); void Copy(const User &u);
@ -64,14 +53,14 @@ public:
} }
const int Id() const { return id; } const int Id() const { return id; }
const char *getUsername() const { return( username ); } const char *getUsername() const { return username; }
const char *getPassword() const { return( password ); } const char *getPassword() const { return password; }
bool isEnabled() const { return( enabled ); } bool isEnabled() const { return enabled; }
Permission getStream() const { return( stream ); } Permission getStream() const { return stream; }
Permission getEvents() const { return( events ); } Permission getEvents() const { return events; }
Permission getControl() const { return( control ); } Permission getControl() const { return control; }
Permission getMonitors() const { return( monitors ); } Permission getMonitors() const { return monitors; }
Permission getSystem() const { return( system ); } Permission getSystem() const { return system; }
bool canAccess(int monitor_id); bool canAccess(int monitor_id);
}; };
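Review bot: `getPassword()` is a public accessor for the value the constructor reads from the `Password` column, and it has no comment saying what it holds or how callers may use it. A one-line comment such as `// Stored credential from the Users table; pass only to verifyPassword(), never log or copy it` would make that expectation visible. On `explicit User(const MYSQL_ROW &dbrow);` the added const binds to the row pointer rather than the column data, so it promises less than it seems to; taking `MYSQL_ROW` by value would express the same thing. The members between the hunks of this section are not visible, so other accessors may need the same treatment.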