Tvheadend

It's back!
I've forced my pvr.hts to latest (as discussed on irc today), and now in my TV DB in xbmc I have:

INSERT INTO "channels" VALUES;
INSERT INTO "channels" VALUES;

But no icons, so I checked and its still giving a 401 for some reason, I tried manually using wget:

wget http://user:[email protected]:9981/imagecache/6
--2013-01-25 19:03:00-- http://user:*password*@192.168.55.3:9981/imagecache/6
Connecting to 192.168.55.3:9981... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to 192.168.55.3:9981.
HTTP request sent, awaiting response... 401 Unauthorized
Authorisation failed.

And in TVH logs:

Jan 25 19:01:25 [ERROR]:HTTP: 192.168.55.3: /imagecache/6 -- 401
Jan 25 19:01:25 [ERROR]:HTTP: 192.168.55.3: /imagecache/6 -- 401

So looks like for some reason its not liking the authentication. Can you retry on your system and see if you can duplicate?

Am going to try a few tweaks and see if I can isolate the issue also.

Andy,

Do you know if this is for specific entries or just some? I've had a quick go on my machine with a random selection and it works.

Also can you try accessing those in a webbrowser and see what happens?

Do you have any symbols in your passwords (mine are VERY simplistic as I have never required anything secure), could be a problem with not properly encoding for URLs?

Adam

Ta for replying, happy to take offline if you prefer btw.

It's now for all entries, I cleared out the entire DB, so it repopulated with the user/pass pairs in the DB so at least that bit worked.

If I try in a browser it keeps prompting for the password, suggesting its not accepting the password for some reason.
BUT, If I then put in the superuser username/password the image loads.

So I've started looking into my users, two users for xbmc are defined (Passwords are plain too, literally just 5 characters username+5 chars password, nothing secure as its all on my lan).

The two user/pass files are:

cat .hts/tvheadend/accesscontrol/1
{
    "enabled": 1,
    "username": "xbmc",
    "password": "xxx",
    "comment": "New entry",
    "prefix": "0.0.0.0/0",
    "streaming": 1,
    "dvr": 1,
    "webui": 1,
    "admin": 1,
    "id": "1" 
}
cat .hts/tvheadend/accesscontrol/6
{
    "enabled": 1,
    "username": "xbmc2",
    "password": "xxx",
    "comment": "New entry",
    "prefix": "0.0.0.0/0",
    "streaming": 1,
    "dvr": 1,
    "dvrallcfg": 1,
    "webui": 1,
    "admin": 1,
    "id": "6" 
}

So from the above, xbmc2 does not work, xbmc does work. Any ideas how to debug as there must be something underlying buggy somewhere in auth method, possibly because two usernames very similar?

Any ideas!

Actually that reminds of something someone mentioned about usernames, but I can't remember who and exactly in what context. Yeah not very enlightening!

Well I tried that, my usernames were xbmc and xbmc2 with password = username + "test". I was able to successfully log into the UI as both users.

There are some odd things about the way the browsers send auth, so you might have to close the browser and re-open when you try switching accounts.

Ah, and another things, those 401 errors are fairly normal, they will happen before each valid request because the way HTTP libs work is they request the URL, get a 401 error (with some details about the required auth) and then based on the response (if they have auth) can then make an authenticated request. So don't be fooled by the presence of 401 errors.

I've just double checked by doing wget requests for an imagecache URL using both usernames, no issue.

Adam

Hm very strange. Yes I was closing browsers between sessions to make sure I wasn't getting cached auth getting passed over, and I noticed the 401 initially on first hit, I then got a second 401 after adding my auth details so there does appear to be something causing the auth to fail on the tvh side.
(I've lost all my icons in xbmc now, so the db has fully updated to the correct ones with auth, and all are getting 401's now, but think we can eliminate the xbmc side now as I can reproduce with browser and/or wget too)

I'll put a bit of debugging on here and try it out, see if I can isolate what's going on with the auth mechanism.

Oh actually, I've just spotted something here, it might be even worse than we first thought! I suspect the HTSP isn't checking auth properly in some cases and just letting in valid usernames without password checking!

In my DB in xbmc I'm getting:

INSERT INTO "channels" VALUES(3,197,0,0,0,0,'http://xbmc2:[email protected]:9981/imagecache/59','BBC One HD',0,1,'client',0,1,101,'','',0,3);
INSERT INTO "channels" VALUES(4,580,0,0,0,0,'http://xbmc2:[email protected]:9981/imagecache/26','BBC Two England',0,1,'client',0,1,102,'','',0,4);

Notice how its username of xbmc2 and password of xbmc? So I checked in the pvr.hts config file that it matched:
<setting id="pass" value="xbmc" />
<setting id="user" value="xbmc2" />

So far so good, then I checked the access file in tvh:

{
"enabled": 1,
"username": "xbmc2",
"password": "xbmc2",
"comment": "New entry",
"prefix": "0.0.0.0/0",
"streaming": 1,
"dvr": 1,
"dvrallcfg": 1,
"webui": 1,
"admin": 1,
"id": "6"
}
Umm, so the pass should be 'xbmc2', but yet I'm sat watching the tv in xbmc thats sending 'xbmc' as the password!

But I also have a user:

{
"enabled": 1,
"username": "xbmc",
"password": "xbmc",
"comment": "New entry",
"prefix": "0.0.0.0/0",
"streaming": 1,
"dvr": 1,
"webui": 1,
"admin": 1,
"id": "1"
}

So I'm wondering, is TVH just simply checking for any valid username. Then any valid password, i.e. not checking the combination/pair just merely if it has a valid username and valid password somewhere?

Hmmm,

You might not be entirely wrong, just investigating.

Adam