Limit parameters available on webcontrol (#530)

Implement a new configuration option which allows users to specify the
type of parameters which can be accessed via the webcontrol page.  The
new option permits levels 0 (none) to 3 (restricted), with a default of
none.  This option enhances the security of the application for users
who may expose the webcontrol port publicly.

Close #515
Mr-DaveDev
2017-11-01 18:13:05 -06:00
committed by Mr-Dave
parent ec9a5f993d
commit fbb3c2e022
8 changed files with 393 additions and 155 deletions

454
conf.c

File diff suppressed because it is too large Load Diff

2
conf.h

@@ -84,6 +84,7 @@ struct config {
int webcontrol_port;
int webcontrol_localhost;
int webcontrol_html_output;
int webcontrol_parms;
const char *webcontrol_authentication;
unsigned long frequency;
int tuner_number;
@@ -168,6 +169,7 @@ typedef struct {
int conf_value; /* pointer to a field in struct context */
conf_copy_func copy; /* a function to set the value in 'config' */
conf_print_func print; /* a function to output the value to a file */
int webui_level; /* Enum to display in webui: 0,1,2,3,99(always to never)*/
} config_param;
extern config_param config_params[];
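Review bot: The new trailing `webui_level` member of `config_param` fails open when an initializer omits it, because C zero-initializes missing members and 0 is `WEBUI_LEVEL_ALWAYS` in the enum this commit adds to motion.h. The conf.c diff is suppressed on this page, so it cannot be confirmed here that every `config_params[]` entry sets the level explicitly; an entry that was missed, or one added later, would be exposed on the webcontrol page regardless of `webcontrol_parms`. Consider making the zero value the hidden one, or at least state the requirement on the field, e.g. `int webui_level; /* enum WEBUI_LEVEL; must be set explicitly, 0 means always exposed */`. The typedef's body starts outside this hunk.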


@@ -501,6 +501,10 @@ webcontrol_html_output on
# Default: not defined (Disabled)
; webcontrol_authentication username:password
# Parameters to include on webcontrol. 0=none, 1=limited, 2=advanced, 3=restricted
# Default: 0 (none)
webcontrol_parms 0
############################################################
# Tracking (Pan/Tilt)


@@ -1610,6 +1610,26 @@ The authentication method to use for viewing the web control.
.RE
.RE
.TP
.B webcontrol_parms
.RS
.nf
Values:
.RS
0 = No parameters available to change on web control
1 = Limited list of parameters available to change
2 = Advanced list of parameters (usually requires restart to become effective)
3 = Restricted list of parameters (User IDs, passwords, commands to execute, etc)
.RE
Default: 0
Description:
.fi
.RS
The type of parameters that are able to be modified via the web interface. This parameter can never be modified
via the web interface and must be specified directly in the configuration file.
.RE
.RE
.TP
.B track_type
.RS


@@ -3169,6 +3169,7 @@ int main (int argc, char **argv)
* Create a thread for the control interface if requested. Create it
* detached and with 'motion_web_control' as the thread function.
*/
if (cnt_list[0]->conf.webcontrol_port) {
pthread_mutex_lock(&global_lock);
threads_running++;


@@ -255,6 +255,14 @@ enum CAMERA_TYPE {
CAMERA_TYPE_NETCAM
};
enum WEBUI_LEVEL{
WEBUI_LEVEL_ALWAYS = 0,
WEBUI_LEVEL_LIMITED = 1,
WEBUI_LEVEL_ADVANCED = 2,
WEBUI_LEVEL_RESTRICTED = 3,
WEBUI_LEVEL_NEVER = 99
};
struct image_data {
unsigned char *image_norm;
unsigned char *image_high;
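Review bot: `WEBUI_LEVEL_ALWAYS = 0` does not match the documented meaning of `webcontrol_parms 0` ("none"). The filter added in the webcontrol handler skips an entry only when `webui_level > cnt[0]->conf.webcontrol_parms` or the level is `WEBUI_LEVEL_NEVER`, so level-0 entries stay listed and, as far as the visible hunks show, settable at the default. Which parameters carry level 0 is decided in conf.c, whose diff is not shown here, so this may be intentional. If it is, say so on the enum with a comment such as `/* ALWAYS: exposed even when webcontrol_parms is 0 */`. As a style point, write `enum WEBUI_LEVEL {` with a space to match `enum CAMERA_TYPE {` above.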


@@ -2085,6 +2085,12 @@ Some configuration options are only used if Motion is built on a system that has
<td align="left">webcontrol_localhost</td>
<td align="left"><a href="#webcontrol_localhost" >webcontrol_localhost</a></td>
</tr>
<tr>
<td height="17" align="left"></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"><a href="#webcontrol_parms" >webcontrol_parms</a></td>
</tr>
<tr>
<td height="17" align="left">control_port</td>
<td align="left">webcontrol_port</td>
@@ -2516,6 +2522,10 @@ Some configuration options are only used if Motion is built on a system that has
<td bgcolor="#edf4f9" ><a href="#webcontrol_html_output" >webcontrol_html_output</a> </td>
<td bgcolor="#edf4f9" ><a href="#webcontrol_authentication" >webcontrol_authentication</a> </td>
</tr>
<tr>
<td bgcolor="#edf4f9" ><a href="#webcontrol_parms" >webcontrol_parms</a> </td>
</tr>
</tbody>
</table>
@@ -5356,6 +5366,28 @@ The syntax is username:password
<p></p>
</ul>
<h3><a name="webcontrol_parms"></a> webcontrol_parms </h3>
<p></p>
<ul>
<li> Type: Integer</li>
<li> Range / Valid values: 0 - 3</li>
<li> Default: 0 (disabled)</li>
</ul>
<p></p>
Sets the type of parameters that will be listed on the webcontrol page and available for
modification.
<ul>
<li> 0: None - No configuration parameters will be available.</li>
<li> 1: Limited- A limited list of parameters will be available. </li>
<li> 2: Advanced - The advanced list of parameters will be available. These typically require Motion to be restarted to become effective.</li>
<li> 3: Restricted - User IDs, passwords and "On" commands.</li>
</ul>
The default for this parameter is 0 none to enhance the security of the web interface. The setting of the
webcontrol_parms is NEVER included on the web interface and this parameter must be specified via the configuration file.
Care should be exercised when using level restricted level because if the webcontrol is compromised,
it may compromise the computer.
<p></p>
<h3><a name="Options_Database"></a>Database</h3>
<ul>


@@ -466,7 +466,9 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
for (i=0; config_params[i].param_name != NULL; i++) {
if ((thread != 0) && (config_params[i].main_thread))
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) )
continue;
value = config_params[i].print(cnt, NULL, i, thread);
@@ -568,7 +570,10 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
/* check if command exists and type of command and not end of URI */
i=0;
while (config_params[i].param_name != NULL) {
if ((thread != 0) && (config_params[i].main_thread)) {
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) ) {
i++;
continue;
}
@@ -670,7 +675,9 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
(((length_uri = length_uri - strlen(command)) == 0))) {
i=0;
while (config_params[i].param_name != NULL) {
if ((thread != 0) && (config_params[i].main_thread)) {
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) ) {
i++;
continue;
}
@@ -768,7 +775,9 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
send_template(client_socket, res);
for (i=0; config_params[i].param_name != NULL; i++) {
if ((thread != 0) && (config_params[i].main_thread))
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) )
continue;
sprintf(res, "<option value='%s'>%s</option>\n",
config_params[i].param_name, config_params[i].param_name);
@@ -816,7 +825,9 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
const char *value = NULL;
i = 0;
while (config_params[i].param_name != NULL) {
if ((thread != 0) && (config_params[i].main_thread)) {
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) ) {
i++;
continue;
}
@@ -901,7 +912,9 @@ static unsigned int config(char *pointer, char *res, unsigned int length_uri,
cnt[thread]->conf.camera_name ? cnt[thread]->conf.camera_name : "");
send_template(client_socket, res);
for (i=0; config_params[i].param_name != NULL; i++) {
if ((thread != 0) && (config_params[i].main_thread))
if (((thread != 0) && (config_params[i].main_thread)) ||
(config_params[i].webui_level > cnt[0]->conf.webcontrol_parms) ||
(config_params[i].webui_level == WEBUI_LEVEL_NEVER) )
continue;
sprintf(res, "<option value='%s'>%s</option>\n",
config_params[i].param_name, config_params[i].param_name);
@@ -2702,6 +2715,8 @@ void *motion_web_control(void *arg)
httpd_run(cnt);
/*
* Update how many threads we have running. This is done within a
* mutex lock to prevent multiple simultaneous updates to