Project

General

Profile

Bug #2252

Authentication issue

Added by Sebastian Brings about 10 years ago. Updated about 10 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
Configuration
Target version:
-
Start date:
2014-08-24
Due date:
% Done:

100%

Estimated time:
Found in version:
3.9.1330
Affected Versions:

Description

This may be a duplicate of 2221 ?
With both 3.9.1330 and 3.9.1353 I fail to log in into web interface. What I try to do to fix this is:
- stop tvheadend
- sudo i to root account, then "su - hts" to hts account
 cd /home/hts/.hts/tvheadend ; rm r accesscontrol
 run "tvheadend C" to recreate all open access
-> now I can access the webinterface and do configuration. I add apersonal account there.
- stop tvheadend by "^C" (note, this often gives a segmentation fault:
...
2014-08-24 18:49:53.977 [ INFO] mpegts: 418 in KMS (0xd37070) - deleting
2014-08-24 18:49:53.977 [ INFO] mpegts: 130 in KMS (0xb62688) - deleting
2014-08-24 18:49:53.977 [ INFO] mpegts: 578 in KMS (0xd360b8) - deleting
Segmentation fault

...

Then start tvheadend via sudo /etc/init.d/tvheadend start. ps -ef shows:

hts 23663 1 1 18:50 ? 00:00:09 /usr/bin/tvheadend -f -u hts -g video -c /home/hts/.hts/tvheadend/

content of /home/hts/.hts/tvheadend/accesscontrol:
ls al /home/hts/.hts/tvheadend/accesscontrol/
total 16
drwx----- 2 hts hts 4096 Aug 24 12:13 .
drwx------ 13 hts hts 4096 Aug 24 12:11 ..
rwx----- 1 hts hts 318 Aug 24 12:13 8df33234830f4e7fba3bfb04a9445bc1
rwx----- 1 hts hts 328 Aug 24 12:12 b1891cd836b09b09dd05962b925ca9c9

content of files:
root@raspberry03:/home/hts/.hts/tvheadend# cat /home/hts/.hts/tvheadend/accesscontrol/* {
"index": 1,
"enabled": true,
"username": "sebas",
"password2": "VFZIZWFkZW5kLUhpZGUtKg==",
"prefix": "0.0.0.0/32",
"streaming": true,
"adv_streaming": false,
"dvr": false,
"dvrallcfg": true,
"webui": true,
"admin": true,
"tag_only": false,
"channel_min": 0,
"channel_max": 0,
"comment": "New entry"
} {
"index": 2,
"enabled": true,
"username": "*",
"password2": "VFZIZWFkZW5kLUhpZGUtKg==",
"prefix": "0.0.0.0/0,::/0",
"streaming": true,
"adv_streaming": true,
"dvr": true,
"dvrallcfg": false,
"webui": true,
"admin": true,
"tag_only": false,
"channel_min": 0,
"channel_max": 0,
"comment": "Default access entry"
}

Still I now can not log into web interface, invalid username is reported by browser. I tried to add other accounts with different username/passwod configs but it stays all the same. Messages in daemon.log are simply:

Aug 24 19:06:37 raspberry03 tvheadend23663: HTTP: 192.168.2.100: /extjs.html -- 401

Any idea?

Files

Screen Shot 2014-09-06 at 13.28.42.png (55.6 KB) Screen Shot 2014-09-06 at 13.28.42.png Sebastian Brings, 2014-09-06 13:34

History

#1

Updated by Sebastian Brings about 10 years ago

I tried again with latest git build. I tried both as user hts as well as user root to exclude hidden access rights permission on files or devices. but result is the same, authentication fails when changing the default * user to any other name or when adding a new user and disabling the * user.
here is a transcript of what I tried:

HTS Tvheadend 3.9.1367~gca742e0-dirty
root@raspberry03:~# uname -a
Linux raspberry03 3.12.22+ #1 PREEMPT Sun Jun 15 09:34:20 CEST 2014 armv6l GNU/Linux
  1. Show access rights of dvb device

pi@raspberry03 /dev/dvb $ ls -lR
.:
total 0
drwxr-xr-x 2 hts video 120 Jan 1 1970 adapter0

./adapter0:
total 0
crw-rw---T 1 hts video 212, 4 Jan 1 1970 demux0
crw-rw---T 1 hts video 212, 5 Jan 1 1970 dvr0
crw-rw---T 1 hts video 212, 3 Jan 1 1970 frontend0
crw-rw---T 1 hts video 212, 7 Jan 1 1970 net0

  1. become root to delete previous config in hts home

pi@raspberry03 /dev/dvb $ sudo i
root@raspberry03:~# cd /home/hts
root@raspberry03:/home/hts# ls -al
total 40108
drwxr-xr-x 9 hts hts 4096 Aug 19 14:16 .
drwxr-xr-x 4 root root 4096 Sep 28 2013 ..
-rw------ 1 hts hts 8647 Aug 30 20:55 .bash_history
drwx------ 3 hts hts 4096 Aug 12 11:45 .hts
root@raspberry03:/home/hts# cd .hts
root@raspberry03:/home/hts/.hts# rm -r tvheadend/
root@raspberry03:/home/hts/.hts# sync

  1. now become user hts to do initial startup of tvheadend

root@raspberry03:/home/hts/.hts# su - hts
hts@raspberry03:~$ tvheadend -C
2014-09-05 20:14:00.973 [ INFO] main: Log started
2014-09-05 20:14:03.084 [ INFO] charset: 138 entries loaded
2014-09-05 20:14:03.098 [ INFO] linuxdvb: adapter added /dev/dvb/adapter0
2014-09-05 20:14:03.110 [WARNING] access: Created default wide open access controle entry
2014-09-05 20:14:03.115 [ INFO] CSA: Using 32bit parallel descrambling
2014-09-05 20:14:03.117 [ INFO] epggrab: module eit created
2014-09-05 20:14:03.119 [ INFO] epggrab: module uk_freesat created
2014-09-05 20:14:03.121 [ INFO] epggrab: module uk_freeview created
2014-09-05 20:14:03.123 [ INFO] epggrab: module viasat_baltic created
2014-09-05 20:14:03.184 [ INFO] epggrab: module opentv-skyit created
2014-09-05 20:14:03.186 [ INFO] epggrab: module opentv-ausat created
2014-09-05 20:14:03.188 [ INFO] epggrab: module opentv-skyuk created
2014-09-05 20:14:03.211 [ INFO] epggrab: module pyepg created
2014-09-05 20:14:03.213 [ INFO] epggrab: module xmltv created
2014-09-05 20:14:19.829 [ INFO] epggrab: module /usr/bin/tv_grab_eu_epgdata created
2014-09-05 20:14:19.830 [ INFO] epggrab: module /usr/bin/tv_grab_eu_egon created
2014-09-05 20:14:19.830 [ INFO] epggrab: module /usr/bin/tv_grab_combiner created
2014-09-05 20:14:19.830 [ INFO] epggrab: module /usr/bin/tv_grab_it created
2014-09-05 20:14:19.832 [ INFO] dvr: Creating new configuration ''
2014-09-05 20:14:19.832 [WARNING] dvr: Output directory for video recording is not yet configured for DVR configuration "". Defaulting to to "/home/hts". This can be changed from the web user interface.
2014-09-05 20:14:19.845 [ NOTICE] START: HTS Tvheadend version 3.9.1367~gca742e0-dirty started, running as PID:3121 UID:108 GID:113, CWD:/home/hts CNF:/home/hts/.hts/tvheadend

  1. now I access via webinterface and change the * user to my user. Also I "remember the user/password" in firefox.

2014-09-05 20:15:44.320 [ ERROR] HTTP: 192.168.2.100: /api/mpegts/network/grid -- 401
2014-09-05 20:15:44.323 [ ERROR] HTTP: 192.168.2.100: /api/mpegts/mux/grid -- 401
2014-09-05 20:15:44.326 [ ERROR] HTTP: 192.168.2.100: /api/mpegts/service/grid -- 401
2014-09-05 20:15:44.330 [ ERROR] HTTP: 192.168.2.100: /api/channel/grid -- 401
2014-09-05 20:15:44.333 [ ERROR] HTTP: 192.168.2.100: /api/channeltag/grid -- 401
2014-09-05 20:15:44.350 [ ERROR] HTTP: 192.168.2.100: /api/access/entry/grid -- 401
2014-09-05 20:15:44.375 [ ERROR] HTTP: 192.168.2.100: /api/mpegts/mux_sched/grid -- 401
2014-09-05 20:15:44.416 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/ca/grid -- 401
2014-09-05 20:15:44.420 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/video/grid -- 401
2014-09-05 20:15:44.422 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/audio/grid -- 401
2014-09-05 20:15:44.423 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/teletext/grid -- 401
2014-09-05 20:15:44.424 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/subtit/grid -- 401
2014-09-05 20:15:44.424 [ ERROR] HTTP: 192.168.2.100: /api/esfilter/other/grid -- 401
2014-09-05 20:15:44.494 [ ERROR] HTTP: 192.168.2.100: /static/extjs/resources/images/default/shadow.png -- 401
2014-09-05 20:15:44.497 [ ERROR] HTTP: 192.168.2.100: /static/extjs/resources/images/default/shadow-c.png -- 401
2014-09-05 20:15:44.497 [ ERROR] HTTP: 192.168.2.100: /static/extjs/resources/images/default/shadow-lr.png -- 401
2014-09-05 20:15:52.509 [ ERROR] HTTP: 192.168.2.100: /comet/poll -- 401
2014-09-05 20:16:21.651 [ ERROR] HTTP: 192.168.2.100: /api/hardware/tree -- 401

  1. ot appears that each page gives an 401 error once, but the webinterface works flawless without any unauthorized message by now.
  1. I hit ^C to stop tvheadend

^C
2014-09-05 20:16:46.966 [ INFO] epgdb: saved
2014-09-05 20:16:46.972 [ INFO] epgdb: brands 0
2014-09-05 20:16:46.972 [ INFO] epgdb: seasons 0
2014-09-05 20:16:46.972 [ INFO] epgdb: episodes 0
2014-09-05 20:16:46.972 [ INFO] epgdb: broadcasts 0
2014-09-05 20:16:46.998 [ NOTICE] STOP: Exiting HTS Tvheadend
hts@raspberry03:~$ exit
logout

  1. now as root, I start tvheadend via initscript

root@raspberry03:/home/hts/.hts# /etc/init.d/tvheadend start
[....] Starting Tvheadend: tvheadendINFO . ok

  1. here is the process running

root@raspberry03:/home/hts/.hts# ps -ef
UID PID PPID C STIME TTY TIME CMD
…..
hts 3186 1 4 20:17 ? 00:00:01 /usr/bin/tvheadend -f -u hts -g video -c /home/hts/.hts/tvheadend/
root 3222 3022 0 20:17 pts/0 00:00:00 ps -ef

root@raspberry03:/home/hts/.hts# tail /var/log/daemon.log
Sep 5 20:17:18 raspberry03 tvheadend3186: epggrab: module /usr/bin/tv_grab_it created
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: loaded v2
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: channels 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: brands 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: seasons 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: episodes 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: broadcasts 0
Sep 5 20:17:18 raspberry03 tvheadend3186: dvr: Creating new configuration ''
Sep 5 20:17:18 raspberry03 tvheadend3186: dvr: Output directory for video recording is not yet configured for DVR configuration "". Defaulting to to "/home/hts". This can be changed from the web user interface.
Sep 5 20:17:18 raspberry03 tvheadend3186: START: HTS Tvheadend version 3.4~wheezy started, running as PID:3186 UID:108 GID:44, settings located in '/home/hts/.hts/tvheadend/'
root@raspberry03:/home/hts/.hts# tail -f /var/log/daemon.log
Sep 5 20:17:18 raspberry03 tvheadend3186: epggrab: module /usr/bin/tv_grab_it created
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: loaded v2
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: channels 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: brands 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: seasons 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: episodes 0
Sep 5 20:17:18 raspberry03 tvheadend3186: epgdb: broadcasts 0
Sep 5 20:17:18 raspberry03 tvheadend3186: dvr: Creating new configuration ''
Sep 5 20:17:18 raspberry03 tvheadend3186: dvr: Output directory for video recording is not yet configured for DVR configuration "". Defaulting to to "/home/hts". This can be changed from the web user interface.
Sep 5 20:17:18 raspberry03 tvheadend3186: START: HTS Tvheadend version 3.4~wheezy started, running as PID:3186 UID:108 GID:44, settings located in '/home/hts/.hts/tvheadend/'

  1. trying to access the web interface now gives me an endless number of "enter username/password" authentication request windows again, the web ui is not usable this way.
  2. the logfile shows:

Sep 5 20:18:45 raspberry03 tvheadend3186: HTTP: 192.168.2.100: /comet/poll -- 401
Sep 5 20:18:51 raspberry03 tvheadend3186: HTTP: 192.168.2.100: /comet/poll -- 401

#2

Updated by Sebastian Brings about 10 years ago

I added following debug code:
diff --git a/src/access.c b/src/access.c
index 5876b53..34e4c15 100644
--- a/src/access.c
+++ b/src/access.c
@ -597,6 +597,11 @ access_entry_create(const char *uuid, htsmsg_t *conf)
TAILQ_INSERT_TAIL(&access_entries, ae, ae_link);
}

+ if (ae->ae_username)
+ tvhlog(LOG_WARNING, "userame", ae->ae_username);
+ if (ae->ae_password)
+ tvhlog(LOG_WARNING, "password", ae->ae_password);
+
if (ae->ae_username == NULL)
ae->ae_username = strdup("*");
if (ae->ae_comment == NULL)
@ -763,8 +768,10 @ access_entry_class_password_set(void *o, const void *v)
char buf256, result300;

if (strcmp(v ?: "", ae->ae_password ?: "")) {
+    tvhlog(LOG_WARNING, "password_set ", (char *)v);
     snprintf(buf, sizeof(buf), "TVHeadend-Hide-%s", (const char *)v);
     base64_encode(result, sizeof(result), (uint8_t *)buf, strlen(buf));
+    tvhlog(LOG_WARNING, "password_set encoded", result);
     free(ae->ae_password2);
     ae->ae_password2 = strdup(result);
     free(ae->ae_password);
@ -783,8 +790,10 @ access_entry_class_password2_set(void *o, const void *v)
if (strcmp(v ?: "", ae->ae_password2 ?: "")) {
     if (v && ((const char )v)[0] != '\0') {
+      tvhlog(LOG_WARNING, "password2_set decoding ", v);
       l = base64_decode((uint8_t *)result, v, sizeof(result)-1);
       result[l] = '\0';
+      tvhlog(LOG_WARNING, "password2_set decoded ", result);
       free(ae->ae_password);
       ae->ae_password = strdup(result + 15);
       free(ae->ae_password2);
@ -958,8 +967,10 @ access_init(int createdefault, int noacl)
   / Load */
   if ((c = hts_settings_load_r(1, "accesscontrol")) != NULL) {
     HTSMSG_FOREACH(f, c) {
+      tvhlog(LOG_WARNING,"access wanted for ",f->hmf_name);
       if (!(m = htsmsg_field_get_map(f))) continue;
       (void)access_entry_create(f->hmf_name, m);
+      tvhlog(LOG_WARNING,"access created for ",f->hmf_name);
     }
     htsmsg_destroy(c);
   }
pi@raspberry03 ~/tvheadend $

Now I see that whenever I add a user via the popup window which appears when pressing the "Add" button, the password is set as '*'. I added a screenshot of the entry made in the window, and the matching debug output is:
2014-09-06 13:28:53.145 [WARNING] userame: newuser
2014-09-06 13:28:53.145 [WARNING] password_set : *
2014-09-06 13:28:53.145 [WARNING] password_set encoded: VFZIZWFkZW5kLUhpZGUtKg==

When later changing the password in the UI, this seems to work:
2014-09-06 13:36:36.673 [WARNING] password_set : newpassword2
2014-09-06 13:36:36.675 [WARNING] password_set encoded: VFZIZWFkZW5kLUhpZGUtbmV3cGFzc3dvcmQy

#3

Updated by Martin Ayla about 10 years ago

I have the same problem with the latest git releases.

Changing user or password locks me out.

#4

Updated by Jaroslav Kysela about 10 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset commit:tvheadend|26c778df6334adf94d361e3d3f08c58c7ee07213.

Also available in: Atom PDF