quatanium / python-onvif

ONVIF Client Implementation in Python
MIT License

Is this software malicious? #12

Closed elsampsa closed 9 years ago

elsampsa commented 9 years ago

Hello,

When I'm in LAN, that has access to WAN (i.e. internet) I can get onvif connection to cameras OK.

However, when I'm in LAN, with no access to internet, and while trying to create the device management service, I get errors, such as ..

"name resolution temporary unavailable"

or

"name or service not known"

So the python module tries always to connect to internet, even if there is no need to do that..

Regards,

Sampsa

sinchb commented 9 years ago

Hi, can you show me the related code? How do you connect to the cam: by domain name or decimal IP? If by domain name, it needs a DNS lookup.

elsampsa commented 9 years ago

Hello,

First of all, sorry about the provocative question title .. I just thought this forum was pretty dead. Thanks for your swift reply!

I am doing simply:

```python
mycam = onvif.ONVIFCamera(ip, 80, user, passwd, wsdldir)
```

where ip is given with decimal ip, and wsdldir is the directory where I am keeping the wsdl files. With that line of python code, I am getting:

```
onvif.exceptions.ONVIFError: Unknown error: <urlopen error [Errno -2] Name or service not known>
```

This is very easy to test! Just put your cameras into LAN and be sure that you don't have access to internet (i.e. with, say, "ping google.com") and you should reproduce the same error.

I think it is suds related, actually. Suds probably wants to get something from somewhere in the internet .. I'll try to dig deeper.

elsampsa commented 9 years ago

I removed the "safe_func" decorator and got ..

```
... ...
  File "/home/sampsa/dasys/RecMobile/suds/xsd/sxbasic.py", line 560, in download
    d = reader.open(url)
  File "/home/sampsa/dasys/RecMobile/suds/reader.py", line 79, in open
    d = self.download(url)
  File "/home/sampsa/dasys/RecMobile/suds/reader.py", line 95, in download
    fp = self.options.transport.open(Request(url))
  File "/home/sampsa/dasys/RecMobile/suds/transport/https.py", line 60, in open
    return HttpTransport.open(self, request)
  File "/home/sampsa/dasys/RecMobile/suds/transport/http.py", line 62, in open
    return self.u2open(u2request)
  File "/home/sampsa/dasys/RecMobile/suds/transport/http.py", line 118, in u2open
    return url.open(u2request, timeout=tm)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1214, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno -2] Name or service not known>
```

So it goes pretty deep in suds .. it's trying to open the following url:

http://www.w3.org/2005/08/addressing/ws-addr.xsd

Suds actually tries to get lots of files from the internet to get the specifications. One should, somehow, copy these files to a local directory and tell suds the files are there ..

elsampsa commented 9 years ago

Ok.. this has no easy solution.

The wsdl files which I have locally, define files in the internet, for example the file

.. /onvif/wsdl/bf-2.xsd

Has a line in it that says

xmlns:wsa="http://www.w3.org/2005/08/addressing"

So, after retrieving "bf-2.xsd" from a local file, it tries to retrieve that "http://www.w3.org/...", mentioned in "bf-2.xsd". I am also a bit afraid that the files it tries to retrieve from internet, define in them, other files that are also defined in internet, etc.

It's a nightmare and totally unusable if you are offline.

I wonder who was the intellectual who invented soap and implemented it that way..! .. unusable offline! and why it is applied this way (with onvif/soap) to ip cameras which many times run in closed LAN networks.

I might try to retrieve those files automagically with wget, or something of the sort..

sinchb commented 9 years ago

Yes, this is also an issue that confused me. I have tried to download some specifications to speed up the client instance creation. See this. include bf-2.xsd and ws-addr.xsd.

However, the issue you reported is actually a bug: I forgot to replace http://www.w3.org/2005/08/addressing/ws-addr.xsd with the local file path ./ws-addr.xsd in bf-2.xsd. I will fix it.

Thank you a lot for your report!
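A leftover remote reference of the kind described in the comment above can be caught before deployment by scanning the local WSDL directory for import/include locations that are still URLs. This is an added example, not part of the original thread or of python-onvif; `find_remote_refs`, `build_sample_dir` and the sample file contents are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSD = "{http://www.w3.org/2001/XMLSchema}"
WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
# Elements that name another document to load, and the attribute holding its location.
LOCATION_ATTR = {XSD + "import": "schemaLocation", XSD + "include": "schemaLocation",
                 XSD + "redefine": "schemaLocation", WSDL + "import": "location"}

def find_remote_refs(wsdl_dir):
    """Return sorted (relative path, url) pairs for imports/includes that point off-box."""
    findings = []
    for root, _dirs, files in os.walk(wsdl_dir):
        for name in files:
            if not name.lower().endswith((".xsd", ".wsdl")):
                continue
            path = os.path.join(root, name)
            rel = os.path.relpath(path, wsdl_dir)
            try:
                tree = ET.parse(path)
            except ET.ParseError as exc:
                # A file that cannot be parsed cannot be cleared either, so report it.
                findings.append((rel, "unparseable: %s" % exc))
                continue
            for element in tree.iter():
                attr = LOCATION_ATTR.get(element.tag)
                location = element.get(attr, "") if attr else ""
                # Relative paths and file:// URLs have no network scheme and are not flagged.
                if urlparse(location).scheme in ("http", "https", "ftp"):
                    findings.append((rel, location))
    return sorted(findings)

def build_sample_dir():
    """Constructed sample, not the real ONVIF files: one remote import, one local include."""
    sample = tempfile.mkdtemp(prefix="wsdl-audit-")
    with open(os.path.join(sample, "bf-2.xsd"), "w") as handle:
        handle.write(
            '<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"\n'
            '           xmlns:wsa="http://www.w3.org/2005/08/addressing">\n'  # namespace name only
            '  <xs:import namespace="http://www.w3.org/2005/08/addressing"\n'
            '             schemaLocation="http://www.w3.org/2005/08/addressing/ws-addr.xsd"/>\n'
            '  <xs:include schemaLocation="./onvif.xsd"/>\n'
            '</xs:schema>\n')
    return sample

if __name__ == "__main__":
    for rel_path, url in find_remote_refs(build_sample_dir()):
        print("%s -> %s" % (rel_path, url))
```

An empty result means no scanned file asks for a schema over the network; the `xmlns:wsa` declaration in the sample is not reported because it carries no location attribute.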

sinchb commented 9 years ago

@elsampsa Please download the latest master and install again. Ensure that the old package has been removed before your installation.

elsampsa commented 9 years ago

Did you test it .. ?

I.e. first

rm -f /tmp/suds/*

And then running the program .. one can disable WAN from the router and use LAN only for test purposes..

Now I get (also with WAN enabled)

```
...
  File "/home/sampsa/dasys/RecMobile/suds/client.py", line 221, in __init__
    self.resolver = PathResolver(wsdl)
  File "/home/sampsa/dasys/RecMobile/suds/resolver.py", line 85, in __init__
    Resolver.__init__(self, wsdl.schema)
AttributeError: 'NoneType' object has no attribute 'schema'
```

So it crashes somewhere in suds.

elsampsa commented 9 years ago

This might do the trick .. http://stackoverflow.com/questions/7500492/how-do-i-prevent-suds-from-fetching-xml-xsd-over-the-network

Are you sure you can use

```
<.. schemaLocation="./onvif.xsd"/>
```

Shouldn't it be the following?

```
<.. schemaLocation="file:///path_to_file/onvif.xsd">
```

sinchb commented 9 years ago

Did the trick solve your issue? @elsampsa