Jump to content


Photo

streamproxy and authentication


  • Please log in to reply
135 replies to this topic

Re: streamproxy and authentication #21 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 30 December 2018 - 13:00

I never changed that behaviour on purpose (see the commits). If it's broken it should be fixed. Can you pinpoint it to a certain commit?


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #22 anudanan

  • Senior Member
  • 1,185 posts

+16
Neutral

Posted 30 December 2018 - 13:06

Thx Erik for explanation about streamproxy. Know I have understand some things inside ;-)

 

 

 

Streamproxy needs to get a tuner tuned and connected to a service. That's done using the OWIF, there is no other way of communication with enigma from an external binary. So if you configure OWIF access with a password, streamproxy needs to have the password.

 

How can I give streamproxy the password which streamproxy needs for connecting to OWIF?

Or is there no way and streamproxy works only without HTTP auth in OWIF?


Receiver:2 x Uno4k SE (PLI 7.3 rel), 1 x ET9200 (PLI 4.0), NAS: 2 x QNAP 410, TV: LG 65C8llla, LG 47LB570V, LG 42LM615S, Sound: Yamaha RX-v663, Teufel System 5 THX


Re: streamproxy and authentication #23 Pr2

  • PLi® Contributor
  • 6,200 posts

+261
Excellent

Posted 30 December 2018 - 13:09

Please read the other thread I refer to. :-)

 

https://forums.openp...rt/#entry989169

 

So I check and find this:

 

https://forums.openp...ndpost&p=989197

 

There we saw a comparison between OpenPLi 6.2 and OpenPLi 7 where OWIF defined parameters in 6.2 they disappeard in 7.0.

 

Then WanWizard replied this:  https://forums.openp...rt/#entry989329


NO SUPPORT by PM, it is a forum make your question public so everybody can benefit from the question/answer.
If you think that my answer helps you, you can press the up arrow in bottom right of the answer.

Wanna help with OpenPLi Translation? Please read our Wiki Information for translators

Sat: Hotbird 13.0E, Astra 19.2E, Eutelsat5A 5.0W
VU+ Solo 4K: 2*DVB-S2 + 2*DVB-C/T/T2 (used in DVB-C) & Duo 4K: 2*DVB-S2X + DVB-C (FBC)

AB-Com: PULSe 4K 1*DVB-S2X (+ DVB-C/T/T2)
Edision OS Mio 4K: 1*DVB-S2X + 1*DVB-C/T/T2
 


Re: streamproxy and authentication #24 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 30 December 2018 - 13:24

Yes, exactly. OWIF bug, not a streamproxy bug.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #25 littlesat

  • PLi® Core member
  • 57,475 posts

+708
Excellent

Posted 30 December 2018 - 14:58

The broadcom version cannot do it, only the e2/xtrend version does modi on demand....

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: streamproxy and authentication #26 WanWizard

  • PLi® Core member
  • 70,949 posts

+1,835
Excellent

Posted 30 December 2018 - 15:08

Or is there no way and streamproxy works only without HTTP auth in OWIF?

 

Technically it should be possible to disable not require auth on the webif for requests from localhost, that would allow the streamproxy and other processes running on the box  to communicate with the OWIF API without impact on security?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: streamproxy and authentication #27 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 31 December 2018 - 13:09

The broadcom version cannot do it, only the e2/xtrend version does modi on demand....

You obviously don't have a clue what you're talking about here.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #28 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 31 December 2018 - 13:10

 

Or is there no way and streamproxy works only without HTTP auth in OWIF?

Technically it should be possible to disable not require auth on the webif for requests from localhost, that would allow the streamproxy and other processes running on the box  to communicate with the OWIF API without impact on security?

Yes, that would be a proper solution. I seem to remember having requested that before.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #29 anudanan

  • Senior Member
  • 1,185 posts

+16
Neutral

Posted 31 December 2018 - 14:22

I´ve heared in the vti forum there is a switch for streamproxy to connect without password even OWIF has HTTP auth enable. It maybe that is a switch for OWIF to accept HTTP without auth from localhost


Edited by anudanan, 31 December 2018 - 14:27.

Receiver:2 x Uno4k SE (PLI 7.3 rel), 1 x ET9200 (PLI 4.0), NAS: 2 x QNAP 410, TV: LG 65C8llla, LG 47LB570V, LG 42LM615S, Sound: Yamaha RX-v663, Teufel System 5 THX


Re: streamproxy and authentication #30 WanWizard

  • PLi® Core member
  • 70,949 posts

+1,835
Excellent

Posted 31 December 2018 - 14:32

These are the exception rules in OWIF:

# Handle all conditions where auth may be skipped/disabled

# #1: Auth is disabled and access is from local network
if (not request.isSecure() and config.OpenWebif.auth.value is False) or (request.isSecure() and config.OpenWebif.https_auth.value is False):
	networks = getAllNetworks()
	if networks:
		for network in networks:
			if ipaddress.ip_address(unicode(peer)) in ipaddress.ip_network(unicode(network), strict=False):
				return self.resource.getChildWithDefault(path, request)

# #2: Auth is disabled and access is from private address space (Usually VPN) and access for VPNs has been granted
if (not request.isSecure() and config.OpenWebif.auth.value is False) or (request.isSecure() and config.OpenWebif.https_auth.value is False):
	if config.OpenWebif.vpn_access.value is True and ipaddress.ip_address(unicode(peer)).is_private:
		return self.resource.getChildWithDefault(path, request)

# #3: Access is from localhost and streaming auth is disabled - or - we only want to see our IPv6 (For inadyn-mt)
if ((host == "localhost" or host == "127.0.0.1" or host == "::ffff:127.0.0.1" or host == "::1") and not config.OpenWebif.auth_for_streaming.value) or request.uri == "/web/getipv6":
	return self.resource.getChildWithDefault(path, request)

# #4: Web TV is accessing streams and "auths" by parent session id
if request.getUser() == "-sid":
	sid = str(request.getPassword())
	try:
		oldsession = site.getSession(sid).sessionNamespaces
		if "logged" in oldsession.keys() and oldsession["logged"]:
			session = request.getSession().sessionNamespaces
			session["logged"] = True
			return self.resource.getChildWithDefault(path, request)
	except: # nosec
		pass

# If we get to here, no exception applied

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: streamproxy and authentication #31 WanWizard

  • PLi® Core member
  • 70,949 posts

+1,835
Excellent

Posted 31 December 2018 - 14:39

As far as I can see, streamproxy only does a GET of "/web/stream?StreamService=", so I don't see why that couldn't be whitelisted, like the inadyn-mt GET...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: streamproxy and authentication #32 anudanan

  • Senior Member
  • 1,185 posts

+16
Neutral

Posted 31 December 2018 - 14:49

It is possible that the reason is that streamproxy uses  the OWIF HTTP_auth parameter for authentication and not the HTTP_streaming_auth parameter of openWEBIF. 

 

So my feeling ist if streamproxy makes an HTTP connect to OWIF without auth if the OWIF HTTP_streaming_auth ist false it would work


Receiver:2 x Uno4k SE (PLI 7.3 rel), 1 x ET9200 (PLI 4.0), NAS: 2 x QNAP 410, TV: LG 65C8llla, LG 47LB570V, LG 42LM615S, Sound: Yamaha RX-v663, Teufel System 5 THX


Re: streamproxy and authentication #33 WanWizard

  • PLi® Core member
  • 70,949 posts

+1,835
Excellent

Posted 31 December 2018 - 14:54

That is for Erik to answer.

 

It could well be that the streamproxy code pre-dates the split in the auth code in OWIF, as the seperate auth for streaming was added later.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: streamproxy and authentication #34 anudanan

  • Senior Member
  • 1,185 posts

+16
Neutral

Posted 31 December 2018 - 15:16

With that knowledge I´ve made the following test.

 

OWIF hast http auth disabled and HTTP streaming auth disabled and that is seen in the settings file /etc/enigma2/settings.

 

Now I have set OWIF zu HTTP auth enable but without GUi restart you can´t see that in the settings file. That means streamproxy has the knowledge to connect without auth to OWIF.

 

A normal HTTP access from PC needs now User/pW

 

But streaming with streamproxy works now as I expected. I connect to the OWIF with HTTP auth and can stream with auth for port 8002

 

If I make a GUI restart, than streaming with streamproxy doesn´t work because streamproxy now knows about the HTTP auth true value.

 
 

So I think the idea to use the HTTP auth for streaming parameter of OWIF is the solution


Edited by anudanan, 31 December 2018 - 15:18.

Receiver:2 x Uno4k SE (PLI 7.3 rel), 1 x ET9200 (PLI 4.0), NAS: 2 x QNAP 410, TV: LG 65C8llla, LG 47LB570V, LG 42LM615S, Sound: Yamaha RX-v663, Teufel System 5 THX


Re: streamproxy and authentication #35 anudanan

  • Senior Member
  • 1,185 posts

+16
Neutral

Posted 31 December 2018 - 15:22

is to late for editing the last post

 

Sorry, that sentense was wrong

But streaming with streamproxy works now as I expected. I connect to the OWIF with HTTP auth and can stream with auth for port 8002

 

correct is

But streaming with streamproxy works now as I expected. I connect to the OWIF with HTTP auth and can stream without auth for port 8002


Edited by anudanan, 31 December 2018 - 15:22.

Receiver:2 x Uno4k SE (PLI 7.3 rel), 1 x ET9200 (PLI 4.0), NAS: 2 x QNAP 410, TV: LG 65C8llla, LG 47LB570V, LG 42LM615S, Sound: Yamaha RX-v663, Teufel System 5 THX


Re: streamproxy and authentication #36 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 31 December 2018 - 16:15

It could well be that the streamproxy code pre-dates the split in the auth code in OWIF, as the seperate auth for streaming was added later.

Very probable.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #37 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 31 December 2018 - 16:17

So, what I am supposed to change in streamproxy, given the above URL specified by Wanwizard is used and the source is localhost (::1)?


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #38 littlesat

  • PLi® Core member
  • 57,475 posts

+708
Excellent

Posted 31 December 2018 - 16:45

You obviously don't have a clue what you're talking about here.

since when and ‘what’ is it possible with vu style....

Edited by littlesat, 31 December 2018 - 16:46.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: streamproxy and authentication #39 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 1 January 2019 - 13:18

First of all, there is no "xtrend" style or "vu+" style of transcoding.

 

There is the streamproxy and enigma itself, where enigma itself is able to handle transcoding for xtrend-api-based receivers. Streamproxy can handle both xtrend-api-based receivers and all others.

 

Enigma operates on port 8001, streamproxy on any port you configure, default 8002 and 8003.

 

Those are the only two sytems relevant as seen from the end user.

 

Both systems allow to add http parameters to the request URL, where a.o. the bitrate can be overriden from the default.

 

So I really don't understand where you get this notion from. Maybe you missed the fact the we haven't been using the "transtreamproxy" from VU+ for about 5 years now.


Edited by Erik Slagter, 1 January 2019 - 13:19.

* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: streamproxy and authentication #40 WanWizard

  • PLi® Core member
  • 70,949 posts

+1,835
Excellent

Posted 1 January 2019 - 13:40

First of all, there is no "xtrend" style or "vu+" style of transcoding.

 

Sorry for introducing those terms, I tried to explain it in a way end-users in this topic would understand. ;)

 

And please also note that this topic was a discussion about the WebIf, and that does make a distinction between VU+ style and Xtrend style, based on brand/model, when generating transcoding URL's.  For Xtrend style, it generates a URL on port 8001 with transcoding parameters, for VU+ style it generates a URL on port 8002 without those parameters.

 

It would be handy if the OWIF would generate all transcoding URL's with encoding parameters, but it doesn't, as that would break it for non-OpenPLi images.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.



12 user(s) are reading this topic

0 members, 12 guests, 0 anonymous users