diff --git a/CMakeLists.txt b/CMakeLists.txt index c7bf19162..e3e3779f0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ # cmake_minimum_required (VERSION 2.6) project (zoneminder) -set(zoneminder_VERSION "1.28.105") +set(zoneminder_VERSION "1.28.106") # make API version a minor of ZM version set(zoneminder_API_VERSION "${zoneminder_VERSION}.1") diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index dbe6f3f66..6f9e514a1 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -341,6 +341,7 @@ CREATE TABLE `Monitors` ( `Palette` int(10) unsigned NOT NULL default '0', `Orientation` enum('0','90','180','270','hori','vert') NOT NULL default '0', `Deinterlacing` int(10) unsigned NOT NULL default '0', + `RTSPDescribe` tinyint(1) unsigned NOT NULL default '0', `Brightness` mediumint(7) NOT NULL default '-1', `Contrast` mediumint(7) NOT NULL default '-1', `Hue` mediumint(7) NOT NULL default '-1', diff --git a/db/zm_update-1.28.106.sql b/db/zm_update-1.28.106.sql new file mode 100644 index 000000000..894022d22 --- /dev/null +++ b/db/zm_update-1.28.106.sql @@ -0,0 +1,21 @@ +-- +-- This updates a 1.28.105 database to 1.28.106 +-- + +-- +-- Add Monitor RTSPDescribe field +-- Used to enable or disable processing of the remote camera RTSP DESCRIBE response header +-- +SET @s = (SELECT IF( + (SELECT COUNT(*) + FROM INFORMATION_SCHEMA.COLUMNS + WHERE table_name = 'Monitors' + AND table_schema = DATABASE() + AND column_name = 'RTSPDescribe' + ) > 0, +"SELECT 'Column RTSPDescribe already exists in Monitors'", +"ALTER TABLE `Monitors` ADD `RTSPDescribe` tinyint(1) unsigned NOT NULL default '0' AFTER `Deinterlacing`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; diff --git a/distros/fedora/CMakeLists.txt b/distros/fedora/CMakeLists.txt index deec840f7..c4275d45a 100644 --- a/distros/fedora/CMakeLists.txt +++ b/distros/fedora/CMakeLists.txt @@ -25,6 +25,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Fedora requires cambozola as a separate package so just link to it install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") diff --git a/distros/fedora/README.Fedora b/distros/fedora/README.Fedora index 159e5345b..a75efc185 100644 --- a/distros/fedora/README.Fedora +++ b/distros/fedora/README.Fedora @@ -25,8 +25,8 @@ New installs introduce an obvious security issue. The following should set this up: mysql -u root -p - grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + grant select,insert,update,delete,lock tables,alter,create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; Obviously, change at least zmpass to an actual, secure password or passphrase. You can change zmuser as well if you like. @@ -95,7 +95,7 @@ Upgrades 2. Add additional permissions to the zmuser account: mysql -u root -p - grant lock tables,alter on zm.* to + grant lock tables,alter,create on zm.* to 'zmuser'@localhost identified by 'zmpass'; Since this is an upgrade, the assumption is that the zmuser account already diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index fe69c6371..057b827d5 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -16,7 +16,7 @@ else(ZM_TARGET_DISTRO STREQUAL "el7") endif(ZM_TARGET_DISTRO STREQUAL "el7") # Download jscalendar & move files into position -file(DOWNLOAD http://nbtelecom.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc) +file(DOWNLOAD http://skylineservers.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc) #message(STATUS "Log of jscalender script was: ${jsc_log}") if(download_jsc EQUAL 0) message(STATUS "Jscalander successfully downloaded. Installing...") @@ -51,6 +51,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Install auxillary files required to run zoneminder on CentOS install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/distros/redhat/README.CentOS b/distros/redhat/README.CentOS index cc5e247f3..05e2cb0ab 100644 --- a/distros/redhat/README.CentOS +++ b/distros/redhat/README.CentOS @@ -1,6 +1,22 @@ -================================================================================ - NEW INSTALLS -================================================================================ +What's New +========== + +1. The ZoneMinder mysql account now requires "Create" permission. This change + must be done manually before ZoneMinder will run. See the installation steps + below. + +2. A new permission group called "Groups" has been added. This allows the + system administrator to assign "view", "edit", or "none" permission to + normal users, without giving them access to the rest of the ZoneMinder + system. During an upgrade, existing accounts will default to a Groups + permission of "none". + +3. This package now requires the HTTPS protocol to access the web portal. + Requests using HTTP will auto-redirect to HTTPS. See README.https for + more information. + +New installs +============ 1. Unless you are already using MySQL server, you need to ensure that the server is confired to start during boot and properly secured @@ -11,30 +27,37 @@ sudo chkconfig mysqld on 2. Using the password for the root account set during the previous step, you - will need to create the ZoneMinder database: + will need to create the ZoneMinder database and configure a database + account for ZoneMinder to use: mysql -uroot -p mysql> create database zm; - mysql> grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> grant select,insert,update,delete,lock tables,alter,create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; mysql> exit; mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql mysqladmin -uroot -p reload + The database account credentials, zmuser/zmpass, are arbitrary. Set them to + anything that suits your envinroment. + 3. If you have chosen to change the zoneminder mysql credentials to something other than zmuser/zmpass then you must now edit /etc/zm.conf. Change ZM_DB_USER and ZM_DB_PASS to the values you created in step 2. -4. IMPORTANT: Edit /etc/php.ini and put in the appropriate timezone for - date.timezone! +4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local + timezone. PHP will complain loudly if this is not set, or if it is set + incorrectly, and these complaints will show up in the zoneminder logging + system as errors -5. The ZoneMinder web interface is disabled by default, you will need - to edit this file to enable it: + If you are not sure of the proper timezone specification to use, look at + http://php.net/date.timezone + +5. Verify the default ZoneMinder Apache configuration meets your needs: /etc/httpd/conf.d/zoneminder.conf - HINT: Most users will want to simply delete the line that says - "Deny from all". + When in doubt, leave this configuration as it is. 6. Configure the web server to start automatically: @@ -45,8 +68,8 @@ called local_zoneminder. A copy of this policy is in the documentation folder. - Unfortunately, this has not resolved all the SELinux issues so - most will want to disable SELinux permanently by editing the following: + It is still possible to run into SELinux issues, however. If this is case, + you can disable SELinux permanently by editing the following: /etc/selinux/conf @@ -66,27 +89,49 @@ UPGRADES ================================================================================ -1. Add additional permissions to the zmuser account: +1. Verify /etc/zm.conf. + + If zm.conf was manually edited before running the upgrade, the installation + may not overwrite it. In this case, it will create the file + /etc/zm.conf.rpmnew. + + For example, this will happen if you are using database account credentials + other than zmuser/zmpass. + + Compare /etc/zm.conf to /etc/zm.conf.rpmnew. Verify that zm.conf + contains any new config settings that may be in zm.conf.rpmnew. + +2. Verify permissions of the zmuser account. + + Over time, the database account permissions required for normal operation + have changed. Verify the zmuser database account has been granted select, + insert, update, delete, lock tables, alter, and create permission to the + ZoneMinder database: mysql -u root -p - grant lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> show grants for zmuser@localhost; + mysql> exit; - Since this is an upgrade, the assumption is that the zmuser account exists - and already has select, insert, update, and delete permission. + See step 2 of the Installation section to add missing permissions. + +3. Verify the ZoneMinder Apache configuration file in the folder + /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + exists, inspect it and merge anything new in that file with zoneminder.conf. + +4. Upgrade the database before starting ZoneMinder. + + Most upgrades can be performed by executing the following command: -2. If you have previsouly changed the zoneminder mysql credentials to something - other than zmuser/zmpass then you must now edit /etc/zm.conf. Change - ZM_DB_USER and ZM_DB_PASS to their appropriate values. - -3. You will need to upgrade the ZoneMinder database as described in the manual. - Only if step 1 was succesfully applied, may you run zmupdate like so: - - sudo zmupdate.pl --version= - - - If unsure then run it this way: + sudo zmupdate.pl + + Recent versions of ZoneMinder don't require any parameters added to the + zmupdate command. However, if ZoneMinder complains, you may need to call + zmupdate in the following manner: sudo zmupdate.pl --user=root --pass= --version= +5. Now start zoneminder: + + sudo service zoneminder start diff --git a/distros/redhat/README.Centos7 b/distros/redhat/README.Centos7 index ce7d9af51..70e98b006 100644 --- a/distros/redhat/README.Centos7 +++ b/distros/redhat/README.Centos7 @@ -1,23 +1,21 @@ - What's New ========== -1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to - "/cgi-bin-zm/zms". This has been to done to avoid this bug: - https://bugzilla.redhat.com/show_bug.cgi?id=973067 +1. The ZoneMinder mysql account now requires "Create" permission. This change + must be done manually before ZoneMinder will run. See the installation steps + below. - IMPORTANT: ZoneMinder will not update this value during an upgrade. You must - manually update ZM_PATH_ZMS yourself under Options. This does not affect - new installs. +2. A new permission group called "Groups" has been added. This allows the + system administrator to assign "view", "edit", or "none" permission to + normal users, without giving them access to the rest of the ZoneMinder + system. During an upgrade, existing accounts will default to a Groups + permission of "none". -2. During an rpm package upgrade, zmupdate.pl will now auto-update the database - and the zonemidner service will restart automatically. - -3. The ZoneMinder config file, zm.conf, has been moved under /etc/zm. - -4. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the - hood, Systemd does things quite a bit differently. Prepare to go through a - learning curve if you have not done so already. +3. This package now requires the HTTPS protocol to access the web portal. + Requests using HTTP will auto-redirect to HTTPS. See README.https for + more information. + +4. This package ships with the new ZoneMinder API enabled. New installs ============ @@ -36,8 +34,8 @@ New installs mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql mysql -u root -p - mysql> grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> grant select,insert,update,delete,lock tables,alter,create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; mysql> exit; mysqladmin -u root -p reload @@ -50,21 +48,22 @@ New installs step. 4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local - timezone. For whatever reason, PHP will complain loudly if this is not set, - or if it is set incorrectly, and these complaints will show up in the - zoneminder logging system as errors. + timezone. PHP will complain loudly if this is not set, or if it is set + incorrectly, and these complaints will show up in the zoneminder logging + system as errors. If you are not sure of the proper timezone specification to use, look at http://php.net/date.timezone -5. This package will automatically configure and install an SELinux policy - called local_zoneminder. A copy of this policy is in the documentation - folder. +5. Disable SELinux + + We currently do not have the resources to create and maintain an accurate + SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull + reqeusts from anyone who wishes to do the work. In the meantime, SELinux + will need to be disabled or put into permissive mode. - Maintaining an accurate SELinux policy file that does not create issues has - been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you - feel you just don't need it, SELinux can be disabled for the current running - session with the following command: + To immediately disbale SELinux for the current seesion, issue the following + from the command line: sudo setenforce 0 @@ -99,29 +98,35 @@ Upgrades 2. Verify permissions of the zmuser account. - Overtime, the database account permissions required for normal operation + Over time, the database account permissions required for normal operation have changed. Verify the zmuser database account has been granted select, - insert, update, delete, lock tables, and alter permission to the ZoneMinder - database: + insert, update, delete, lock tables, alter, and create permission to the + ZoneMinder database: mysql -u root -p mysql> show grants for zmuser@localhost; mysql> exit; -3. Verify the database was upgraded automatically. + See step 2 of the Installation section to add missing permissions. - From the web console, ZoneMinder should show a status of "Running", and the - version number should have incremented. +3. Verify the ZoneMinder Apache configuration file in the folder + /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + exists, inspect it and merge anything new in that file with zoneminder.conf. - If it is not running, then try to start it. The web console will indicate - if there is a database version conflict. If this is the case, then you may - need to manually update the database from the command line: +4. Upgrade the database before starting ZoneMinder. + + Most upgrades can be performed by executing the following command: sudo zmupdate.pl - Modern versions of ZoneMinder don't require any parameters added to the + Recent versions of ZoneMinder don't require any parameters added to the zmupdate command. However, if ZoneMinder complains, you may need to call zmupdate in the following manner: sudo zmupdate.pl --user=root --pass= --version= +5. Now start zoneminder: + + sudo systemctl start zoneminder + diff --git a/distros/redhat/README.https b/distros/redhat/README.https new file mode 100644 index 000000000..23affeb96 --- /dev/null +++ b/distros/redhat/README.https @@ -0,0 +1,25 @@ +HTTPS is now a requirement +========================== + +This package now depends on Apache's mod_ssl pacakge. This will automatically +be installed along with ZoneMinder. Upon installation, the mod_ssl package +will create a default, self-signed certificate. This is the certificate that +ZoneMinder will use out of the box. + +Since the certificate is self-signed, you will get a warning from your browser +the first time you access the web portal. This is normal. + +This is not intended to be an all encompasing solution for everyone. ZoneMinder +will work just fine over HTTPS the way it is currently configured. However, +here are a couple of considerations you may want to take. + +1. Create your own certificate. The CentOS wiki has a guide that describes how + to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling + "centos certificate" reveals many articles on the subject. Note that some + third party applications, such as zmNinja, will require you to create a + certificate different than the default certificate on your machine. + +2. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL + directives found in /etc/httpd/conf.d/zoneminder.conf. You should also + comment out the HTTP -> HTTPS Rewrite rule. + diff --git a/distros/redhat/zoneminder.el6.conf.in b/distros/redhat/zoneminder.el6.conf.in index 61e0530f8..0fbee6a62 100644 --- a/distros/redhat/zoneminder.el6.conf.in +++ b/distros/redhat/zoneminder.el6.conf.in @@ -1,26 +1,26 @@ -# When using Zoneminder's own authentication, recorded CCTV images are -# accessible from the web directly without passing the authentication. This -# means any attacker could see your CCTV images without a password. In order -# to avoid this you can disable Zoneminder's authentication and configure -# standard Apache authentication (see the Apache documentation for details on -# this). # -# If you still wish to use Zoneminder's own authentication, or have an -# internal site which needs no authentication, you need to delete the line -# marked below and restart Apache. +# ZoneMinder Apache configuration file +# With SSLRequire and HTTPS auto redirect +# Modify this configuration to suit your requirements +# + +# Auto Redirect HTTP requests to HTTPS +RewriteEngine On +RewriteCond %{HTTPS} !=on +RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L] Alias /zm "@ZM_WEBDIR@" + SSLRequireSSL Options -Indexes MultiViews FollowSymLinks AllowOverride All Order allow,deny Allow from all - # ZoneMinder no longer uses short tags so this is safe to leave disabled - # php_value short_open_tag 1 -ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@" - +ScriptAlias /cgi-bin/zm "@ZM_CGIDIR@" + + SSLRequireSSL AllowOverride All Options ExecCGI FollowSymLinks Order allow,deny diff --git a/distros/redhat/zoneminder.el6.spec b/distros/redhat/zoneminder.el6.spec index 3a65a80db..d9487e480 100644 --- a/distros/redhat/zoneminder.el6.spec +++ b/distros/redhat/zoneminder.el6.spec @@ -30,8 +30,8 @@ BuildRequires: libcurl-devel vlc-devel ffmpeg-devel polkit-devel # cmake needs the following installed at build time due to the way it auto-detects certain parameters BuildRequires: httpd ffmpeg -Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools psmisc -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools mod_ssl +Requires: psmisc perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) Requires: libcurl vlc-core ffmpeg @@ -96,8 +96,20 @@ echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wa /usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null /usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null -# Display the README for post installation instructions -/usr/bin/less %{_docdir}/%{name}-%{version}/README.CentOS +# Upgrade from a previous version of zoneminder +if [ $1 -eq 2 ] ; then + # Freshen the database + /usr/bin/zmupdate.pl -f + + # We can't run this automatically when new sql account permissions need to + # be manually added first + # Run zmupdate non-interactively + #/usr/bin/zmupdate.pl --nointeractive +fi + +# Warn the end user to read the README file +echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos to finish the\ninstallation or upgrade!\n" +echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n" %preun if [ $1 -eq 0 ]; then @@ -146,7 +158,7 @@ rm -rf %{_docdir}/%{name}-%{version} #%{_bindir}/zmonvif-probe.pl %{perl_vendorlib}/ZoneMinder* -%{perl_vendorlib}/%{_arch}-linux-thread-multi/auto/ZoneMinder* +%{perl_vendorarch}/auto/ZoneMinder/.packlist #%{perl_vendorlib}/ONVIF* #%{perl_vendorlib}/WSDiscovery* #%{perl_vendorlib}/WSSecurity* @@ -170,6 +182,9 @@ rm -rf %{_docdir}/%{name}-%{version} %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload %changelog +* Tue Sep 8 2015 Andrew Bauer - 1.28.1 +- Require https, freshen dB on updates. + * Wed Feb 18 2015 Andrew Bauer - 1.28.1 - Include ONVIF support files diff --git a/distros/redhat/zoneminder.el7.conf.in b/distros/redhat/zoneminder.el7.conf.in index 28bada18e..564e4ccbd 100644 --- a/distros/redhat/zoneminder.el7.conf.in +++ b/distros/redhat/zoneminder.el7.conf.in @@ -1,16 +1,17 @@ -# When using Zoneminder's own authentication, recorded CCTV images are -# accessible from the web directly without passing the authentication. This -# means any attacker could see your CCTV images without a password. In order -# to avoid this you can disable Zoneminder's authentication and configure -# standard Apache authentication (see the Apache documentation for details on -# this). # -# If you still wish to use Zoneminder's own authentication, or have an -# internal site which needs no authentication, you need to delete the line -# marked below and restart Apache. +# ZoneMinder Apache configuration file +# With SSLRequire and HTTPS auto redirect +# Modify this configuration to suit your requirements +# + +# Auto Redirect HTTP requests to HTTPS +RewriteEngine On +RewriteCond %{HTTPS} !=on +RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L] Alias /zm "@ZM_WEBDIR@" + SSLRequireSSL Options -Indexes +MultiViews +FollowSymLinks AllowOverride All @@ -22,12 +23,11 @@ Alias /zm "@ZM_WEBDIR@" Order deny,allow Allow from all - # ZoneMinder no longer uses short tags so this is safe to leave disabled - # php_value short_open_tag 1 ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@" + SSLRequireSSL AllowOverride All Options +ExecCGI +FollowSymLinks @@ -40,3 +40,4 @@ ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@" Allow from all + diff --git a/distros/redhat/zoneminder.el7.spec b/distros/redhat/zoneminder.el7.spec index 1d53cbdd5..d4ab8c3af 100644 --- a/distros/redhat/zoneminder.el7.spec +++ b/distros/redhat/zoneminder.el7.spec @@ -32,8 +32,8 @@ BuildRequires: ffmpeg ffmpeg-devel perl(X10::ActiveHome) perl(Astro::SunTime) # cmake needs the following installed at build time due to the way it auto-detects certain parameters BuildRequires: httpd polkit-devel -Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools psmisc -Requires: libjpeg-turbo vlc-core libcurl +Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools mod_ssl +Requires: psmisc libjpeg-turbo vlc-core libcurl Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) @@ -87,20 +87,27 @@ fi /usr/bin/gpasswd -a %{zmuid_final} video /usr/bin/gpasswd -a %{zmuid_final} dialout +# Disabled. SELinux policy does not work for RHEL 7. # Create and load zoneminder selinux policy module -echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n" -/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null -/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null -/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null +#echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n" +#/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null +#/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null +#/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null # Upgrade from a previous version of zoneminder if [ $1 -eq 2 ] ; then + # Freshen the database + /usr/bin/zmupdate.pl -f + + # We can't run this automatically when new sql account permissions need to + # be manually added first # Run zmupdate non-interactively - /usr/bin/zmupdate.pl --nointeractive + #/usr/bin/zmupdate.pl --nointeractive fi -# Display the README for post installation instructions -/usr/bin/less %{_docdir}/%{name}-%{version}/README.Centos7 +# Warn the end user to read the README file +echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n" +echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n" %preun if [ $1 -eq 0 ] ; then @@ -184,6 +191,9 @@ fi %changelog +* Mon Sep 7 2015 Andrew Bauer - 1.28.1 +- Require https, disable selinux module, freshen dB on updates. + * Sun Feb 8 2015 Andrew Bauer - 1.28.1 - Initial release for CentOS 7. diff --git a/docs/userguide/definezone.rst b/docs/userguide/definezone.rst index 1a221b196..d3eaeb8c6 100644 --- a/docs/userguide/definezone.rst +++ b/docs/userguide/definezone.rst @@ -17,7 +17,7 @@ Name Each Zone can be named for reference purposes. It is used for logging and debugging. Choose a name that helps you identify your zones. Type - This is one of the more important concepts in ZoneMinder and there are five to choose from. + This is one of the more important concepts in ZoneMinder and there are six to choose from. * Active Triggers an alarm when motion is detected within it. This is the zone type you'll use most often, and which will be set for your default zone. Only Active and Exclusive zones can trigger an alarm. @@ -32,7 +32,10 @@ Type This zone type is relatively recent. It is called a Preclusive zone because if it is triggered it actually precludes an alarm being generated for that image frame. So motion or other changes that occur in a Preclusive zone will have the effect of ensuring that no alarm occurs at all. The application for this zone type is primarily as a shortcut for detecting general large-scale lighting or other changes. Generally this may be achieved by limiting the maximum number of alarm pixels or other measure in an Active zone. However in some cases that zone may cover an area where the area of variable illumination occurs in different places as the sun and/or shadows move and it thus may be difficult to come up with general values. Additionally, if the sun comes out rapidly then although the initial change may be ignored in this way as the reference image catches up an alarm may ultimately be triggered as the image becomes less different. Using one or more Preclusive zones offers a different approach. Preclusive zones are designed to be fairly small, even just a few pixels across, with quite low alarm thresholds. They should be situated in areas of the image that are less likely to have motion occur such as high on a wall or in a corner. Should a general illumination change occur they would be triggered at least as early as any Active zones and prevent any other zones from generating an alarm. Obviously careful placement is required to ensure that they do not cancel any genuine alarms or that they are not so close together that any motion just hops from one Preclusive zone to another. Preclusive zones may also be used to reduce processing time by situating one over an Active zone. The Preclusive zone is processed first; if it is small, and is triggered, the rest of the zone/image will not be processed. * Inactive - Suppresses the detection of motion within it. This can be layered on top of any other zone type, preventing motion within the Inactive zone from being effective for any other zone type. Use inactive zones to cover areas in which nothing notable will ever happen or where you get false alarms that don't relate to what you are trying to monitor. Inactive zones may be overlaid on other zones to blank out areas, and are processed first. As a general practice, you should try and make zones abut each other instead of overlapping to avoid repeated duplicate processing of the same area. + Suppresses the detection of motion within it. This can be layered on top of any other zone type, preventing motion within the Inactive zone from being effective for any other zone type. Use inactive zones to cover areas in which nothing notable will ever happen or where you get false alarms that don't relate to what you are trying to monitor. Inactive zones may be overlaid on other zones to blank out areas, and are processed first (with the exception of Privacy zones, see below). As a general practice, you should try and make zones abut each other instead of overlapping to avoid repeated duplicate processing of the same area. + + * Privacy + Blackens the pixels within it. This can be used if you want to hide some regions in the image if the situation does not allow an other solution. This zone type is different to all the others in that it gets processed as soon as possible during capture (even before the timestamp gets into the image) and not in the analyzing process. So if you add, change or delete a Privacy zone, you don't see the changes in the image until the capture process gets restarted. This will be done automatically, but needs a few seconds. Preset The preset chooser sets sensible default values based on computational needs (fast v. best) and sensitivity (low, medium, high.) It is not required that you select a preset, and you can alter any of the parameters after choosing a preset. For a small number of monitors with ZoneMinder running on modern equipment, Best, high sensitivity can be chosen as a good starting point. diff --git a/docs/userguide/filterevents.rst b/docs/userguide/filterevents.rst index 10f7f92d1..4d7a50fd5 100644 --- a/docs/userguide/filterevents.rst +++ b/docs/userguide/filterevents.rst @@ -184,3 +184,4 @@ If your filter is not working, here are some useful tips: * Run ``sudo zmfilter.pl -f `` from command line and see the log output * Check how long your action is taking - zmfilter.pl will wait for the action to complete before it checks again * If you are using relative times like 'now' or '1 year ago' etc. remember that zmfilter converts that relative time to an absolute date only when it reloads filters, which is dictated by the FILTER_RELOAD_DELAY duration. So, for example, if you are wondering why your events are not being detected before intervals of 5 minutes and you have used such a relative condition, this is why +* In the event that you see your new filter is working great when you try it out from the Web Console (using the Submit or Execute button) but does not seem to work when its running in background mode, you might have just chanced upon a compatibility issue between how Perl and PHP translate free form text to dates/times. When you test it via the "Submit" or "Execute" button, you are invoking a PHP function for time conversion. When the filter runs in background mode, zmfilter.pl calls a perl equivalent function. In some cases, depending on the version of Perl and PHP you have, the results may vary. If you face this situation, the best thing to do is to run ``sudo zmfilter.pl -f `` from a terminal to make sure the filter actually works in Perl as well. diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index e55e856e4..7fff3d62e 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -357,6 +357,60 @@ our @options = type => $types{boolean}, category => "system", }, + # PP - Google reCaptcha settings + { + name => "ZM_OPT_USE_GOOG_RECAPTCHA", + default => "no", + description => "Add Google reCaptcha to login page", + help => qqq(" + This option allows you to include a google + reCaptcha validation at login. This means in addition to providing + a valid usernane and password, you will also have to + pass the reCaptcha test. Please note that enabling this + option results in the zoneminder login page reach out + to google servers for captcha validation. Also please note + that enabling this option will break 3rd party clients + like zmNinja and zmView as they also need to login to ZoneMinder + and they will fail the reCaptcha test. + "), + requires => [ + {name=>"ZM_OPT_USE_AUTH", value=>"yes"} + ], + type => $types {boolean}, + category => "system", + }, + + { + name => "ZM_OPT_GOOG_RECAPTCHA_SITEKEY", + default => "...Insert your recaptcha site-key here...", + description => "Your recaptcha site-key", + help => qqq("You need to generate your keys from + the Google reCaptcha website. + Please refer to https://www.google.com/recaptcha/ + for more details. + "), + requires => [ + {name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"} + ], + type => $types {string}, + category => "system", + }, + { + name => "ZM_OPT_GOOG_RECAPTCHA_SECRETKEY", + default => "...Insert your recaptcha secret-key here...", + description => "Your recaptcha secret-key", + help => qqq("You need to generate your keys from + the Google reCaptcha website. + Please refer to https://www.google.com/recaptcha/ + for more details. + "), + requires => [ + {name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"} + ], + type => $types {string}, + category => "system", + }, + { name => "ZM_DIR_EVENTS", default => "events", diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 3638707c6..4455917e6 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -2224,11 +2224,11 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c static char sql[ZM_SQL_MED_BUFSIZ]; if ( !protocol ) { - strncpy( sql, "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote'", sizeof(sql) ); + strncpy( sql, "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote'", sizeof(sql) ); } else { - snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote' and Protocol = '%s' and Host = '%s' and Port = '%s' and Path = '%s'", protocol, host, port, path ); + snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote' and Protocol = '%s' and Host = '%s' and Port = '%s' and Path = '%s'", protocol, host, port, path ); } if ( mysql_query( &dbconn, sql ) ) { @@ -2267,7 +2267,8 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c int colours = atoi(dbrow[col]); col++; /* int palette = atoi(dbrow[col]); */ col++; Orientation orientation = (Orientation)atoi(dbrow[col]); col++; - unsigned int deinterlacing = atoi(dbrow[col]); col++; + unsigned int deinterlacing = atoi(dbrow[col]); col++; + bool rtsp_describe = (*dbrow[col] != '0'); col++; int brightness = atoi(dbrow[col]); col++; int contrast = atoi(dbrow[col]); col++; int hue = atoi(dbrow[col]); col++; @@ -2332,6 +2333,7 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c path, // Path cam_width, cam_height, + rtsp_describe, colours, brightness, contrast, @@ -2699,7 +2701,7 @@ int Monitor::LoadFfmpegMonitors( const char *file, Monitor **&monitors, Purpose Monitor *Monitor::Load( int id, bool load_zones, Purpose purpose ) { static char sql[ZM_SQL_MED_BUFSIZ]; - snprintf( sql, sizeof(sql), "select Id, Name, Type, Function+0, Enabled, LinkedMonitors, Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, Protocol, Method, Host, Port, Path, Options, User, Pass, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, SignalCheckColour, Exif from Monitors where Id = %d", id ); + snprintf( sql, sizeof(sql), "select Id, Name, Type, Function+0, Enabled, LinkedMonitors, Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, Protocol, Method, Host, Port, Path, Options, User, Pass, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, SignalCheckColour, Exif from Monitors where Id = %d", id ); if ( mysql_query( &dbconn, sql ) ) { Error( "Can't run query: %s", mysql_error( &dbconn ) ); @@ -2766,6 +2768,7 @@ Debug( 1, "Got %d for v4l_captures_per_frame", v4l_captures_per_frame ); int palette = atoi(dbrow[col]); col++; Orientation orientation = (Orientation)atoi(dbrow[col]); col++; unsigned int deinterlacing = atoi(dbrow[col]); col++; + bool rtsp_describe = (*dbrow[col] != '0'); col++; int brightness = atoi(dbrow[col]); col++; int contrast = atoi(dbrow[col]); col++; int hue = atoi(dbrow[col]); col++; @@ -2867,6 +2870,7 @@ Debug( 1, "Got %d for v4l_captures_per_frame", v4l_captures_per_frame ); path.c_str(), cam_width, cam_height, + rtsp_describe, colours, brightness, contrast, diff --git a/src/zm_remote_camera_rtsp.cpp b/src/zm_remote_camera_rtsp.cpp index 9f7b39227..b7b976996 100644 --- a/src/zm_remote_camera_rtsp.cpp +++ b/src/zm_remote_camera_rtsp.cpp @@ -28,9 +28,10 @@ #include #include -RemoteCameraRtsp::RemoteCameraRtsp( int p_id, const std::string &p_method, const std::string &p_host, const std::string &p_port, const std::string &p_path, int p_width, int p_height, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ) : +RemoteCameraRtsp::RemoteCameraRtsp( int p_id, const std::string &p_method, const std::string &p_host, const std::string &p_port, const std::string &p_path, int p_width, int p_height, bool p_rtsp_describe, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ) : RemoteCamera( p_id, "rtsp", p_host, p_port, p_path, p_width, p_height, p_colours, p_brightness, p_contrast, p_hue, p_colour, p_capture ), - rtspThread( 0 ) + rtspThread( 0 ), + rtsp_describe( p_rtsp_describe ) { if ( p_method == "rtpUni" ) method = RtspThread::RTP_UNICAST; @@ -125,7 +126,7 @@ void RemoteCameraRtsp::Terminate() int RemoteCameraRtsp::Connect() { - rtspThread = new RtspThread( id, method, protocol, host, port, path, auth ); + rtspThread = new RtspThread( id, method, protocol, host, port, path, auth, rtsp_describe ); rtspThread->start(); diff --git a/src/zm_remote_camera_rtsp.h b/src/zm_remote_camera_rtsp.h index b5a1e3c89..71debf40b 100644 --- a/src/zm_remote_camera_rtsp.h +++ b/src/zm_remote_camera_rtsp.h @@ -40,10 +40,11 @@ protected: int rtsp_sd; int rtp_sd; int rtcp_sd; + bool rtsp_describe; Buffer buffer; - Buffer lastSps; - Buffer lastPps; + Buffer lastSps; + Buffer lastPps; RtspThread::RtspMethod method; @@ -66,18 +67,19 @@ protected: #endif public: - RemoteCameraRtsp( int p_id, const std::string &method, const std::string &host, const std::string &port, const std::string &path, int p_width, int p_height, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ); + RemoteCameraRtsp( int p_id, const std::string &method, const std::string &host, const std::string &port, const std::string &path, int p_width, int p_height, bool p_rtsp_describe, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ); ~RemoteCameraRtsp(); void Initialise(); void Terminate(); - int Connect(); - int Disconnect(); + int Connect(); + int Disconnect(); int PrimeCapture(); int PreCapture(); int Capture( Image &image ); int PostCapture(); + }; #endif // ZM_REMOTE_CAMERA_RTSP_H diff --git a/src/zm_rtsp.cpp b/src/zm_rtsp.cpp index 556174291..0dbcb7329 100644 --- a/src/zm_rtsp.cpp +++ b/src/zm_rtsp.cpp @@ -167,13 +167,14 @@ void RtspThread::releasePorts( int port ) smAssignedPorts.erase( port ); } -RtspThread::RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth) : +RtspThread::RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth, bool rtsp_describe) : mId( id ), mMethod( method ), mProtocol( protocol ), mHost( host ), mPort( port ), mPath( path ), + mRtspDescribe( rtsp_describe ), mSessDesc( 0 ), mFormatContext( 0 ), mSeq( 0 ), @@ -382,20 +383,23 @@ int RtspThread::run() if( sdpStart == std::string::npos ) return( -1 ); - std::string DescHeader = response.substr( 0,sdpStart ); - Debug( 1, "Processing DESCRIBE response header '%s'", DescHeader.c_str() ); + if ( mRtspDescribe ) + { + std::string DescHeader = response.substr( 0,sdpStart ); + Debug( 1, "Processing DESCRIBE response header '%s'", DescHeader.c_str() ); - lines = split( DescHeader, "\r\n" ); - for ( size_t i = 0; i < lines.size(); i++ ) - { - // If the device sends us a url value for Content-Base in the response header, we should use that instead - if ( ( lines[i].size() > 13 ) && ( lines[i].substr( 0, 13 ) == "Content-Base:" ) ) - { - mUrl = trimSpaces( lines[i].substr( 13 ) ); - Info("Received new Content-Base in DESCRIBE response header. Updated device Url to: '%s'", mUrl.c_str() ); - break; - } - } + lines = split( DescHeader, "\r\n" ); + for ( size_t i = 0; i < lines.size(); i++ ) + { + // If the device sends us a url value for Content-Base in the response header, we should use that instead + if ( ( lines[i].size() > 13 ) && ( lines[i].substr( 0, 13 ) == "Content-Base:" ) ) + { + mUrl = trimSpaces( lines[i].substr( 13 ) ); + Info("Received new Content-Base in DESCRIBE response header. Updated device Url to: '%s'", mUrl.c_str() ); + break; + } + } + } sdpStart += endOfHeaders.length(); diff --git a/src/zm_rtsp.h b/src/zm_rtsp.h index 937646b6d..f5dcb9552 100644 --- a/src/zm_rtsp.h +++ b/src/zm_rtsp.h @@ -50,6 +50,7 @@ private: private: int mId; + bool mRtspDescribe; RtspMethod mMethod; std::string mProtocol; std::string mHost; @@ -95,7 +96,7 @@ private: void checkAuthResponse(std::string &response); public: - RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth); + RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth, bool rtsp_describe ); ~RtspThread(); public: diff --git a/version b/version index 8424efb95..71864bd8d 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.28.105 +1.28.106 diff --git a/web/includes/actions.php b/web/includes/actions.php index 3ddf1bb40..f6a1f9aa5 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -18,6 +18,31 @@ // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // + +// PP - POST request handler for PHP which does not need extensions +// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/ + +function do_post_request($url, $data, $optional_headers = null) +{ + $params = array('http' => array( + 'method' => 'POST', + 'content' => $data + )); + if ($optional_headers !== null) { + $params['http']['header'] = $optional_headers; + } + $ctx = stream_context_create($params); + $fp = @fopen($url, 'rb', false, $ctx); + if (!$fp) { + throw new Exception("Problem with $url, $php_errormsg"); + } + $response = @stream_get_contents($fp); + if ($response === false) { + throw new Exception("Problem reading data from $url, $php_errormsg"); + } + return $response; +} + function getAffectedIds( $name ) { $names = $name."s"; @@ -42,6 +67,28 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[ if ( !empty($action) ) { + // PP - lets validate reCaptcha if it exists + if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY) + { + $url = 'https://www.google.com/recaptcha/api/siteverify'; + $fields = array ( + 'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY, + 'response' => $_REQUEST['g-recaptcha-response'], + 'remoteip'=> $_SERVER['REMOTE_ADDR'] + + ); + $res= do_post_request($url, http_build_query($fields)); + $result = json_decode($res); + if ($result->success != 'true') + { + userLogout(); + $view='login'; + $refreshParent = true; + + } + + } + // General scope actions if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) { @@ -445,7 +492,8 @@ if ( !empty($action) ) 'TrackMotion' => 'toggle', 'Enabled' => 'toggle', 'DoNativeMotDet' => 'toggle', - 'Exif' => 'toggle' + 'Exif' => 'toggle', + 'RTSPDescribe' => 'toggle', ); $columns = getTableColumns( 'Monitors' ); diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index bf0258caf..76a71e301 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -256,6 +256,7 @@ $SLANG = array( 'DefaultScale' => 'Default Scale', 'DefaultView' => 'Default View', 'Deinterlacing' => 'Deinterlacing', + 'RTSPDescribe' => 'Use RTSP Response Media URL', 'Delay' => 'Delay', 'DeleteAndNext' => 'Delete & Next', 'DeleteAndPrev' => 'Delete & Prev', @@ -903,7 +904,13 @@ $OLANG = array( 'OPTIONS_EXIF' => array( 'Help' => "Enable this option to embed EXIF data into each jpeg frame." ), - + 'OPTIONS_RTSPDESCRIBE' => array( + 'Help' => "Sometimes, during the intial RTSP handshake, the camera will send an updated media URL. ". + "Enable this option to tell ZoneMinder to use this URL. Disable this option to ignore the ". + "value from the camera and use the value as entered in the monitor configuration~~~~". + "Generally this should be enabled. However, there are cases where the camera can get its". + "own URL incorrect, such as when the camera is streaming through a firewall" + ), // 'LANG_DEFAULT' => array( // 'Prompt' => "This is a new prompt for this option", diff --git a/web/skins/classic/views/login.php b/web/skins/classic/views/login.php index d89a94319..b91293965 100644 --- a/web/skins/classic/views/login.php +++ b/web/skins/classic/views/login.php @@ -20,6 +20,13 @@ xhtmlHeaders(__FILE__, translate('Login') ); ?> + + "; + } +?>
diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 5920409ad..369319608 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -78,6 +78,7 @@ if ( ! empty($_REQUEST['mid']) ) { 'Height' => "240", 'Orientation' => "0", 'Deinterlacing' => 0, + 'RTSPDescribe' => 0, 'LabelFormat' => '%N - %d/%m/%y %H:%M:%S', 'LabelX' => 0, 'LabelY' => 0, @@ -563,6 +564,12 @@ if ( $tab != 'source' ) + + @@ -823,6 +830,14 @@ switch ( $tab ) + +  () checked="checked"/> +