Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NVR integration - Failed to sync device state; 401 Unauthorized errors. #101

Open
DanielNagy opened this issue Sep 28, 2021 · 17 comments
Open

NVR integration - Failed to sync device state; 401 Unauthorized errors. #101

DanielNagy opened this issue Sep 28, 2021 · 17 comments

Comments

@DanielNagy
Copy link

Attempting to add my NVR5xxx-4KS2 series NVR, but fails with 401 Unauthorized errors.

Looked in issue #9 but it doesn't appear anyone has had this issue.

Version of the custom_component

latest 0.9.24

Describe the bug

Added the Integration with the username/password/ ip address, and it Successfully creates the integeration.

However, the Integration becomes "red", with "Retrying Setup". Checking the logs shows "integration not ready yet; Retrying in background", and "Failed to sync device state".

In log viewer, it shows that all the NVR's endpoints are failing with a 401, Unauthorized. If I manually browse to those cgi-bin based uri's, chrome prompts with username and password, and using the same credentials, successfully show valid responses.

Debug log


2021-09-28 13:04:25 WARNING (MainThread) [custom_components.dahua] Failed to sync device state
Traceback (most recent call last):
  File "/config/custom_components/dahua/__init__.py", line 177, in _async_update_data
    responses = await asyncio.gather(
  File "/config/custom_components/dahua/client.py", line 101, in get_software_version
    return await self.get(url)
  File "/config/custom_components/dahua/client.py", line 637, in get
    raise exception
  File "/config/custom_components/dahua/client.py", line 623, in get
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1000, in raise_for_status
    raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 401, message='Unauthorized', url=URL('http:https://192.168.1.10:80/cgi-bin/magicBox.cgi?action=getSoftwareVersion')
2021-09-28 13:04:35 WARNING (MainThread) [custom_components.dahua] Failed to sync device state
Traceback (most recent call last):
  File "/config/custom_components/dahua/__init__.py", line 177, in _async_update_data
    responses = await asyncio.gather(
  File "/config/custom_components/dahua/client.py", line 82, in async_get_system_info
    return await self.get(url)
  File "/config/custom_components/dahua/client.py", line 637, in get
    raise exception
  File "/config/custom_components/dahua/client.py", line 623, in get
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1000, in raise_for_status
    raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 401, message='Unauthorized', url=URL('http:https://192.168.1.10:80/cgi-bin/magicBox.cgi?action=getSystemInfo')
2021-09-28 13:04:55 WARNING (MainThread) [custom_components.dahua] Failed to sync device state
Traceback (most recent call last):
  File "/config/custom_components/dahua/__init__.py", line 177, in _async_update_data
    responses = await asyncio.gather(
  File "/config/custom_components/dahua/client.py", line 82, in async_get_system_info
    return await self.get(url)
  File "/config/custom_components/dahua/client.py", line 637, in get
    raise exception
  File "/config/custom_components/dahua/client.py", line 623, in get
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1000, in raise_for_status
    raise ClientResponseError(
@rroller
Copy link
Owner

rroller commented Oct 4, 2021

This is a weird one. Not sure what I can do to help here. I assume you are still facing this issue?

@DanielNagy
Copy link
Author

DanielNagy commented Oct 4, 2021
edited
Loading

@rroller Yeah I am.. My guess is authentication credentials isn't being presented properly?

Testing my NVR with postman.
Basic Get request to the following url fails, with a 401.
http:https://192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General

Enable "Basic Auth" with the same username and password, works with the following response.

table.General.MachineName=NVR
table.General.LocalNo=8
table.General.MachineAddress=
table.General.LockLoginEnable=true
table.General.LockLoginTimes=5
table.General.LoginFailLockTime=300

UPDATE
Enabling "Digest Auth" in Postman as per the code in client.py, fails with the same 401

So, my NVR doesnt support Digest Auth? only Basic Auth? Unless i'm doing something wrong in Postman when enabling Digest Auth?

@DanielNagy
Copy link
Author 

danny@utils:~$ wget -Sv 'http:https://homeassistant:[email protected]:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
--2021-10-04 11:58:10--  http:https://homeassistant:*password*@192.168.1.10/cgi-bin/configManager.cgi?action=getConfig&name=General
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Basic realm="Device_CGI"
  Set-Cookie:secure; HttpOnly
  CONNECTION: close
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Authentication selected: Basic realm="Device_CGI"
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  X-XSS-Protection: 1;mode=block
  X-Frame-Options: SAMEORIGIN
  Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
  Strict-Transport-Security: max-age=604800; includeSubDomains
  Content-type: text/plain;charset=utf-8
  CONNECTION: close
  Set-Cookie:secure; HttpOnly
  CONTENT-LENGTH: 192
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Length: 192 [text/plain]
Saving to: 'configManager.cgi?action=getConfig&name=General.2’

@DanielNagy
Copy link
Author 

 curl -v 'http:https://homeassistant:[email protected]:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
*   Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 80 (#0)
* Server auth using Basic with user 'homeassistant'
> GET /cgi-bin/configManager.cgi?action=getConfig&name=General HTTP/1.1
> Host: 192.168.1.10
> Authorization: Basic aG9tZWFzc2lzdGFudDpIQXBhc3N3b3JkNA==
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< X-XSS-Protection: 1;mode=block
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
< Strict-Transport-Security: max-age=604800; includeSubDomains
< Content-type: text/plain;charset=utf-8
< CONNECTION: close
< Set-Cookie:secure; HttpOnly
< CONTENT-LENGTH: 192
<
table.General.MachineName=NVR
table.General.LocalNo=8
table.General.MachineAddress=
table.General.LockLoginEnable=true
table.General.LockLoginTimes=5
table.General.LoginFailLockTime=300
* Closing connection 0

@DanielNagy
Copy link
Author

Without passing authentication user / pass.. It is clear my NVR is wanting Basic Auth. I wonder if that is a setting i can change? Strange because I am running current v4 firmware build 27th Aug 2021.

curl -v 'http:https://192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
*   Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 80 (#0)
> GET /cgi-bin/configManager.cgi?action=getConfig&name=General HTTP/1.1
> Host: 192.168.1.10
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Device_CGI"
< Set-Cookie:secure; HttpOnly
< CONNECTION: close
<
* Closing connection 0

@GaryOkie
Copy link

GaryOkie commented Oct 4, 2021

I was having similar issues connecting to my Dahua NVR via curl and the Dahua custom integration. Tracked the problem down to having https/ssl enabled and not having the cert locally installed. Disabled SSL and all is well. Since I have all cameras and NVR blocked to the Internet, local http should be fine.

@DanielNagy
Copy link
Author

@GaryOkie, I did try enabling and disabling https based on the original issue I quoted. (You will see my logs above are straight http / port 80.)
Curl shows that it requests "Basic" Auth regardless of HTTP or HTTPS

For clarification, I've enabled HTTPS, and this is the result of the curl test. It still shows WWW-Authenticate as Basic

curl -vk 'https://192.168.1.10/cgi-bin/magicBox.cgi?action=getSystemInfo'
*   Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=192.168.1.10; C=CN
*  start date: Jul  2 15:30:06 2021 GMT
*  expire date: Jun 26 15:30:06 2051 GMT
*  issuer: CN=NVR
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /cgi-bin/magicBox.cgi?action=getSystemInfo HTTP/1.1
> Host: 192.168.1.10
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Device_CGI"
< Set-Cookie:secure; HttpOnly
< CONNECTION: close

@DanielNagy
Copy link
Author

So long story short, it seems there needs to be a option to be able to select Basic authentication, as well as the default Digest Authentication?

Can we make this happen please? :)

@thetravellor
Copy link

thetravellor commented Jan 7, 2022
edited
Loading

My Dahua NVR states that an RTSP feed is available as follows

rtsp:https://:@:/cam/realmonitor?channel=1&subtype=0
channel: Channel, 1-8; subtype: Stream Type, Main Stream 0, Sub Stream 1.

The integration appears to not understand this.

https://imgur.com/a/iisvBLQ

@pentti12
Copy link

pentti12 commented Mar 1, 2022

Hello

I end up into similar situation as DanielNagy and thetravellor, when I tried to access Dahua DHI-NVR4104-P-4KS2 unit with the latest Dahua Integration 0.9.39.
When I expect to get this integration working?

@thetravellor
Copy link

thetravellor commented Mar 2, 2022
edited
Loading

I have since found that the integration only works with the 4.0 dahua UI, you need to update the firmware your model.

https://www.dahuasecurity.com/support/downloadCenter/firmware?child=171
Maybe this one DH_NVR4x-4KS2L_MultiLang_V4.002.0000000.2.R.220121

If no firmware, you are out of luck.

@DanielNagy
Copy link
Author

@thetravellor I have a NVR5216-16P-4KS2, and I'm running the following System Version | V4.002.0000000.2.R, Build Date: 20-01-2022

image

And the Security -> System Service -> Basic Services -> Private Protocol Authentication mode is set to "Security Mode (recommended)" which according to the manual is Digest mode.

I have tried changing this setting, rebooting, changing back, rebooting.. to no avail.
image

@thetravellor
Copy link

thetravellor commented Mar 2, 2022
edited
Loading

I dont have crypto on at all, try turning this off.

The integration would not work with crypto on. probably because its using a "Private" protocol that nobody knows anything about.
Capture

@DanielNagy
Copy link
Author

@thetravellor Yeh, i already have that disabled, as per your screenshot.

@thetravellor
Copy link

thetravellor commented Mar 2, 2022
edited
Loading

You need to add 1 channel per integration, so if you have 8 cameras for example, you will add the integration 8 times once for each of channels from 0 to 7
Capture
Capture2

@DanielNagy
Copy link
Author

It doesn't even allow me to select channel 0. I get a authentication 401 error. Refer back to my debug log in the original post of this issue.

image

@adit1o
Copy link

adit1o commented Apr 25, 2024
edited
Loading

any update guys? this happen only on my NVR, DVR work properly

test:

# NVR -> WORK 
wget --user admin --password admin -O video.dav 'http:https://192.168.2.190/cgi-bin/loadfile.cgi?action=startLoad&channel=1&startTime=2024-04-23%2012:01:00&endTime=2024-04-23%2012:02:00'

# NVR -> NOT WORK
wget --user admin --password admin -O video.dav 'http:https://192.168.2.190/cgi-bin/loadfile.cgi?action=startLoad&channel=1&startTime=2024-04-23%2012:00:00&endTime=2024-04-23%2013:00:00'

output:

Connecting to 192.168.2.190:80... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Authentication selected: Digest realm="Login to a7d673dd7e8e0028f88cbd54b5d324c1", qop="auth", nonce="374563367", opaque="d3a812d5923c1b13377d4162097492c7602018e1"
Connecting to 192.168.2.190:80... connected.
HTTP request sent, awaiting response... 200 OK
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Length: 3760128 (3.6M) [application/http]
Saving to: ‘video.dav’

video.dav                            0%[                                                                ]       0  --.-KB/s    in 0s      

2024-04-25 14:25:10 (0.00 B/s) - Connection closed at byte 0. Retrying.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rroller @thetravellor @DanielNagy @pentti12 @GaryOkie @adit1o