search

koush / scrypted

Scrypted is a high performance video integration and automation platform
https://scrypted.app
Other
3.91k stars 237 forks source link

Amcrest authentication issues #1420

Closed mrala closed 1 week ago

mrala commented 3 months ago

Describe the bug I'm receiving 401 errors using the Amcrest plugin on a IPC-T2431T-AS S2 camera (no problems on the older non-S2 revision IPC-T2431T-AS). It's attempting to use digest auth but getting 401 responses. However, I'm able to successfully curl the camera endpoints with digest auth. The RTSP video feed is working correctly. I've configured security settings on the S2 variant identically as an older camera. This is breaking event/motion detection.

To Reproduce Steps to reproduce the behavior:

  1. Add a IPC-T2431T-AS S2 camera using the Amcrest plugin
  2. View the console for the Amcrest plugin

  3. See example errors:

    error retrieving stream configurations Error: http response statusCode 401
    at checkStatus (C:\server\src\fetch\index.ts:43:15)
    at httpFetch (C:\server\src\fetch\http-fetch.ts:124:28)
    at processTicksAndRejections (/<snip>/plugins/amcrest/out/lib/internal/process/task_queues.js:95:5)
    at AmcrestCameraClient.request (C:\src\amcrest-api.ts:126:26)
    at C:\src\main.ts:422:41 {stack: 'Error: http response statusCode 401
    at ch…t-api.ts:126:26)
    at C:\src\main.ts:422:41', message: 'http response statusCode 401'}
preparing event listener http://192.168.0.5:80/cgi-bin/eventManager.cgi?action=attach&codes=[All]
listen loop connection failed, restarting listener. http response statusCode 401

    I'm able to use digest auth in a curl request. The camera reports a login failure.

    $ curl --user "<snip>:<snip>" "http://<snip>:80/cgi-bin/eventManager.cgi?action=attach&codes=\[All\]" --digest
--myboundary
Content-Type: text/plain
Content-Length: 183

Code=LoginFailure;action=Pulse;index=0;data={
        "Name": "admin",
        "Type": "Web3.0",
        "Address":      "<scrypted-ip-address>",
        "Error":        4,
        "LocaleTime":   "2024-04-04 22:41:04",
        "UTC":  1712284864
}
--myboundary
Content-Type: text/plain
Content-Length: 119

Code=VideoMotion;action=Start;index=0;data={
        "LocaleTime":   "2024-04-04 22:41:47",
        "UTC":  1712284907,
        "Name": "IPC"
}

--myboundary
Content-Type: text/plain
Content-Length: 118

Code=VideoMotion;action=Stop;index=0;data={
        "LocaleTime":   "2024-04-04 22:41:51",
        "UTC":  1712284911,
        "Name": "IPC"
}

    Expected behavior We should be able to communicate with the camera without any 401 errors/authentication issues.

Server (please complete the following information):

Hardware Model (please complete the following information):

Client (please complete the following information, if applicable):

Additional context n/a

koush commented 3 months ago

can you run curl with verbose flags

koush commented 3 months ago

can you also roll back to the earliest available version in the dropdown to see if it resolves

mrala commented 3 months ago

I've tried rolling back to every available version of the Amcrest plugin with the same results each time.

Here is verbose curl output. Interestingly, it looks like there is a 401 at first but then authenticates correctly:

curl -v --user "<snip>:<snip>" "http://<cam-ip>/cgi-bin/eventManager.cgi?action=attach&codes=\[All\]" --digest
*   Trying <cam-ip>:80...
* Connected to <cam-ip> (<cam-ip>) port 80
* Server auth using Digest with user 'scrypted'
> GET /cgi-bin/eventManager.cgi?action=attach&codes=[All] HTTP/1.1
> Host: <cam-ip>
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: close
< Content-Length: 0
< WWW-Authenticate: Digest realm="Login to D14<snip>", qop="auth", nonce="36b23460-<snip>", opaque=""
<
* Excess found: excess = 2 url = /cgi-bin/eventManager.cgi (zero-length body)
* Closing connection
* Issue another request to this URL: 'http://<cam-ip>/cgi-bin/eventManager.cgi?action=attach&codes=[All]'
* Hostname <cam-ip> was found in DNS cache
*   Trying <cam-ip>:80...
* Connected to <cam-ip> (<cam-ip>) port 80
* Server auth using Digest with user 'scrypted'
> GET /cgi-bin/eventManager.cgi?action=attach&codes=[All] HTTP/1.1
> Host: <cam-ip>
> Authorization: Digest username="scrypted", realm="Login to D14398D80B28EEBF", nonce="36b23460-<snip>>", uri="/cgi-bin/eventManager.cgi?action=attach&codes=[All]", cnonce="YTll<snip>>", nc=00000001, qop=auth, response="ec89<snip>>", opaque=""
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Connection: Keep-Alive
< Content-Type: multipart/x-mixed-replace; boundary=myboundary;charset=utf-8
< Expires: Thu, 01 Dec 2099 16:00:00 GMT
< Pragma: no-cache
* no chunk, no close, no size. Assume close to signal end
<
--myboundary
Content-Type: text/plain
Content-Length: 186

Code=LoginFailure;action=Pulse;index=0;data={
        "Name": "scrypted",
        "Type": "Web3.0",
        "Address":      "<scrypted ip>",
        "Error":        4,
        "LocaleTime":   "2024-04-08 18:41:59",
        "UTC":  1712616119
}
koush commented 3 months ago

do you think you can dm me on discord and port forward a camera for me. going to have a hard time fixing this otherwise.

mrala commented 3 months ago

Sure thing! I'll try to reach out in the next couple of days.